Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 13A15C0029 for ; Thu, 15 Jun 2023 10:39:52 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id E0B1041F92 for ; Thu, 15 Jun 2023 10:39:51 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org E0B1041F92 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=YTRQd0EH X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.848 X-Spam-Level: X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aBOQFTNy0uai for ; Thu, 15 Jun 2023 10:39:50 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 7443041F7D Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) by smtp4.osuosl.org (Postfix) with ESMTPS id 7443041F7D for ; Thu, 15 Jun 2023 10:39:50 +0000 (UTC) Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-4f004cc54f4so10300991e87.3 for ; Thu, 15 Jun 2023 03:39:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686825588; x=1689417588; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=BSN6HNqhJWOuMPAOHQJnT9624iIuGaNDsdd6dOTX9f0=; b=YTRQd0EHnuvB+gBptP4408lloPAvMbHdMMLOX//qyYzyNyoLAPliY6cEGPqCi0ctcr UErQ6vScjVnkgJgDpj4PXy8Gr3IySiENeWbfevam5ZZecUgko+i5Nyntn7IXOQdtkB4G LuDW9FIRVWL/BGRYYhqUm+im95Wo/FAtkPBG4ny9kZ/S4uShfu4SWG9vIU4qxwFmdB3c 5dgkOiLXAPQ5DWb647IxUUIZO0Pw+Osbh1g4zt9mzglTPf1MbfU6qE3sVSZ5HKYCtY14 VSk/KWbgYuB2NgWCun3xH9oGHDCn4neEWD56dPPanD3IlgrZksReklFUXtaExAUdErhx TvlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686825588; x=1689417588; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BSN6HNqhJWOuMPAOHQJnT9624iIuGaNDsdd6dOTX9f0=; b=Fcxc6rp7mnP1dEkoLaWbimq6ujp5myWP+EE8qogXCmPRN4qrOXS7X1P69Pdy0TTG7E Yj3x8aBnOky3ApoNFdp1yuWld8BUu/O8YwTOEBSOKiaX3N2Xg+QaU71etDUcn2aN8RE1 MhAeMkZieFRtjgfWTAuWh/WTp0XEd/DgNTF9OvUjmBj5q2UNaAIboFYH+c5UA9hs3qI3 xgVd0OewOGGULD7Danj6zds4aipaQ0hqamliwhxlanxgdtLKXeK9TefnOp3ArlFm1U5w JxldfR7G/RfWXr6cqmwK2ZQf9f/PeeFklaGXYwklkPkpHVainE3+sUOtK3ZAtevD3fiw JEiA== X-Gm-Message-State: AC+VfDwhZlrqDWsoTiR3Tyw5bnpk8G/ko342ROLUIIXpF3i0+7qFUKGH 9d9OB8dAP7aqb7kJSSV9SahKkvtF0xewtZfV9/Q= X-Google-Smtp-Source: ACHHUZ5bCEQ3baw3Xb10+xztGNqavtLpUPEeRgWjkQsub5+xhPL/DmGKTe19KnBrzvsbpin2bgRL8hSYyituVgvcmak= X-Received: by 2002:a05:6512:459:b0:4f6:2e5f:45cc with SMTP id y25-20020a056512045900b004f62e5f45ccmr9503813lfk.3.1686825587750; Thu, 15 Jun 2023 03:39:47 -0700 (PDT) MIME-Version: 1.0 References: <29ff546a6007cec1a0f85b91541f8e4d@dtrt.org> In-Reply-To: From: Greg Sanders Date: Thu, 15 Jun 2023 06:39:36 -0400 Message-ID: To: Joost Jager Content-Type: multipart/alternative; boundary="000000000000f4bf0305fe28afa6" Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Standardisation of an unstructured taproot annex X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Jun 2023 10:39:52 -0000 --000000000000f4bf0305fe28afa6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Joost, > Ignoring the argument that policy may provide a false sense of security This may take longer form arguments than I'm willing to make on this thread, but I think this only true in a shallower sense that we cannot know for sure that anything will be confirmed quickly. When crafting policy, we are trying to make as reliable-as-possible systems to allow people to pay miners. That may mean opening up the annex to potential use-cases, but it certainly means allowing current users of the p2p network to make reasonable feerate transactions in coinjoin-like scenarios. Ideally we shoot for as many use cases as we can, to pay these miners. > Would it then still be necessary to restrict the annex to a maximum size? I think it's worth thinking about to protect the opt-in users, and can also be used for other anti-pinning efforts(though clearly not sufficient by itself for the many many pinning vectors we have :) ) Cheers, Greg On Thu, Jun 15, 2023 at 5:36=E2=80=AFAM Joost Jager = wrote: > Hi Greg, > > Getting back to this: > > Another solution could be to make annex usage "opt-in" >> by requiring all inputs to commit to an annex to be relay-standard. In >> this case, you've opted into a possible >> vector, but at least current usage patterns wouldn't be unduly affected. >> > > Ignoring the argument that policy may provide a false sense of security, = I > think this is an interesting idea. Opt-in would enable convenants through > presigned txes with atomic on-chain signature backup, without needing to > worry about non-annex multi-party protocols (coinjoin and dual funded > lightning mentioned previously) that may suffer from annex inflation or t= he > last signer presenting an unexpected annex. The downside is just that ext= ra > empty annex byte per input, if there are other inputs involved. To me tha= t > would be a reasonable trade-off. > > Would it then still be necessary to restrict the annex to a maximum size? > Perhaps not opting into annex for multi-party protocols is sufficient. Or > otherwise, #24007 may be helpful. It is hard to pick a constant usually. > > Joost. > --000000000000f4bf0305fe28afa6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Joost,

> Ignoring the argument th= at policy may provide a false sense of security

Th= is may take longer form arguments than I'm willing to make on this thre= ad, but I think this only true in a shallower sense that we cannot know for= sure that anything will be confirmed quickly. When crafting policy, we are= trying to make as reliable-as-possible systems to allow people to pay mine= rs. That may mean opening up the annex to potential use-cases, but it certa= inly means allowing current users of the p2p network to make reasonable fee= rate transactions=C2=A0in coinjoin-like scenarios. Ideally we shoot for as = many use cases as we can, to pay these miners.

>= ; Would it then still be necessary to restrict the annex to a maximum size?=

I think it's worth thinking about to protect = the opt-in users, and can also be used for other anti-pinning efforts(thoug= h clearly not sufficient by itself for the many many pinning vectors we hav= e :) )

Cheers,
Greg

On Thu, Jun 15,= 2023 at 5:36=E2=80=AFAM Joost Jager <joost.jager@gmail.com> wrote:
Hi Greg,

Getting back to this:

Another solution could be = to make annex usage "opt-in"
by requiring all inputs to= commit to an annex to be relay-standard. In this case, you've opted in= to a possible
vector, but at least current usage patterns wouldn&= #39;t be unduly affected.=C2=A0
=C2=A0
Ignoring the argument that policy may provide a false sense of sec= urity, I think this is an interesting idea. Opt-in would enable convenants = through presigned txes with atomic on-chain signature backup, without needi= ng to worry about non-annex multi-party protocols (coinjoin and dual funded= lightning mentioned previously) that may suffer from annex inflation or th= e last signer presenting an unexpected annex. The downside is just that ext= ra empty annex byte per input, if there are other inputs involved. To me th= at would be a reasonable trade-off.

Would it then = still be necessary to restrict the annex to a maximum size? Perhaps not opt= ing into annex for multi-party protocols is sufficient. Or otherwise, #2400= 7 may be helpful. It is hard to pick a constant usually.

Joost.
--000000000000f4bf0305fe28afa6--