Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YPFR8-0003l0-IJ for bitcoin-development@lists.sourceforge.net; Sat, 21 Feb 2015 19:09:58 +0000 Received: from mail-wi0-f177.google.com ([209.85.212.177]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YPFR6-0007jZ-TK for bitcoin-development@lists.sourceforge.net; Sat, 21 Feb 2015 19:09:58 +0000 Received: by mail-wi0-f177.google.com with SMTP id bs8so9140346wib.4 for ; Sat, 21 Feb 2015 11:09:50 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=px5sVtA2vVTJXaxT9LB1RtnejrDWBs7XxT5eIjxtuJU=; b=Z6WzR9EwavHLn2Lij3gA7C+tEJd2ahMjr5W+N/IoXKqUrwCYw9yvUSjI6mfksaiIYA bmeSv+tpF55c3g64Xpl/LiRx2xBWIK+r5jyol7PQCMPwM7F/vBSPrZ9RCYPDEuBgboIq lE5stOCogTnG4cnvyg0MgUvS2f97B2IafcyvS+W8quJ2ZNyHpbehNxk1hc8kaC/H9qYz Bait4/buieq7DrdRFbh6eSvzzkTfUzp4F0QS9S4g5FGCNKrqRNv2Uvt2wHdQvmXS1ke7 n/dySGPm115ieeZvUYY/hq8/KyyJMBimJyJ53734KbH+brVQglxFiUjOKZl0/Mzj8NNe zRVQ== X-Gm-Message-State: ALoCoQnDy1JT7p+N7SPFOorptp1JlxDIMI31UwCyCEcFXLXF1t6sdNquoNmjNbIl+hYOar4Fdz8C MIME-Version: 1.0 X-Received: by 10.194.19.197 with SMTP id h5mr6787300wje.109.1424545790515; Sat, 21 Feb 2015 11:09:50 -0800 (PST) Received: by 10.194.133.74 with HTTP; Sat, 21 Feb 2015 11:09:50 -0800 (PST) X-Originating-IP: [173.228.107.141] In-Reply-To: <20150219085604.GT14804@nl.grid.coop> References: <20150212064719.GA6563@savin.petertodd.org> <20150215212512.GR14804@nl.grid.coop> <54E11248.6090401@gmail.com> <20150219085604.GT14804@nl.grid.coop> Date: Sat, 21 Feb 2015 20:09:50 +0100 Message-ID: From: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= To: Troy Benjegerdes Content-Type: text/plain; charset=UTF-8 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. X-Headers-End: 1YPFR6-0007jZ-TK Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Feb 2015 19:09:58 -0000 I agree "scorched hearth" is a really bad name for the 0 conf protocol based on game theory. I would have preferred "stag hunt" since that's basically what it's using (see http://en.wikipedia.org/wiki/Stag_hunt) but I like the protocol and I think it would be interesting to integrate it in the payment protocol. Even if that protocol didn't existed or didn't worked, replace-by-fee is purely part of a node's policy, not part of consensus. From the whitepaper, 0 conf transactions being secure by the good will of miners was never an assumption, and it is clear to me that the system cannot provide those guaranties based on such a weak scheme. I believe thinking otherwise is naive. As to consider non-standard policies "an attack to bitcoin" because "that's not how bitcoin used to work", then I guess minimum relay fee policies can also be considered "an attack to bitcoin" on the same grounds. Lastly, "first-seen-wins" was just a simple policy to bootstrap the system, but I expect that most nodes will eventually move to policies that are economically rational for miners such as replace-by-fee. Not only I disagree this will be "the end of bitcoin" or "will push the price of the btc miners are mining down", I believe it will be something good for bitcoin. Since this is apparently controversial I don't want to push for replace-by-fee to become the new standard policy (something that would make sense to me). But once the policy code is sufficiently modular as to support several policies I would like bitcoin core to have a CReplaceByFeePolicy alongside CStandardPolicy and a CNullPolicy (no policy checks at all). One step at a time I guess... On Thu, Feb 19, 2015 at 9:56 AM, Troy Benjegerdes wrote: > On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote: >> >> >> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote: >> > >> > Most money/payment systems include some method to reverse or undo >> > payments made in error. In these systems, the longer settlement >> > times you mention below are a feature, not a bug, and give more >> > time for a human to react to errors and system failures. >> > >> >> Settlement has to be final somewhere. That is the whole point of it. >> Transfer costs in current electronic payment systems are a direct >> consequence of their non-finality. That's the point Satoshi was making >> in the introduction to the whitepaper: "With the possibility of >> reversal, the need for trust spreads". > > The problem with that statement is I trust a merchant that I went into > a store and made a payment with personally more than I trust the firmware > on my hard drive [1]. > > The attack surface of devices in your computer is huge. A motivated attacker > just needs to get an intern into a company that makes some kind of component > or system that's in your computer, cloud server, hardware wallet, or what > have you that has firmware capable of reading your private keys. > > With the possibility of mass trojaned hardware, if we are going to trust > the system, it must somehow allow reversal through a human-in-the-loop. > >> There is nothing wrong with having reversible mechanisms built on top >> of Bitcoin, and indeed it makes sense for most activity to happen at >> those higher layers. It's easy to build things that way, but >> impossible to build them the other way: you can't build a >> non-reversible layer on top of a reversible layer. > > We built 'reliable' TCP on top of unreliable ethernet networks. My experience > with networking was if you tried to guarantee message delivery at the lowest > level, the system got exceedingly complicated, expensive, and brittle. > > Most applications, in particular paying someone you already trust, are quite > happy running on reversible systems, and in some cases more reliable and > lower risk. (carrying non-reversible cash is generally considered risky) > > The problem is that if the base currency is assumed to be non-reversible, > then it's brittle and becomes 'too big to fail'. > > Where the blockchain improves on everything else is in transparency. If you > reverse transactions a lot, it will be obvious from an analysis. I would much > rather deal with a known, predictable, and relatively continous transaction > reversal rate (percentage) than have to deal with sudden failures where > some anonymous bad actor makes off with a fortune. > > We already have zero-conf double-spend transaction reversal, why not explicitly > extend that a little in a way that senders and receivers have a choice to > use it, or not? > > > [1] http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216 > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development