1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
|
Return-Path: <rgrant@rgrant.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 885AC14AA
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 7 Oct 2015 05:08:20 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yk0-f182.google.com (mail-yk0-f182.google.com
[209.85.160.182])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D54AEB0
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 7 Oct 2015 05:08:18 +0000 (UTC)
Received: by ykdz138 with SMTP id z138so6476274ykd.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 06 Oct 2015 22:08:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
:to:content-type;
bh=ONDQvD9iDyfhZl22kn4rhA/rsXOHW0ht3KKLW/pK85Q=;
b=McQqg8VY0Dg69sgLfJf/DpyyB2Jp0V9OVozKYx9s15ICMouWXzp4ARdrcDWrcXINJ8
4MB7b89B8w9VfG4y7GnrN30yOPtsE/h9jgO7TIP4l2IQ17bj+HtRstIYDxRyvwM19NgW
6uOSgwk/1BTrcSpD4Q9t3SSJyhNW0k+Wveth1kODmj0GxibcyKf2g1fNNgNMyJkTf2Lw
wwiEWDTw/ZpPn1caLzIqIPUy710QqzYIXqf7BxZH0nOjT6hBuGhlU8xB3DxzgVWKBpar
+Q+/g7jLWQoqi2mJXvfX+3wanEC9SX4IPgV9IqRwbCKc2IfMQGmqxqoj9fXKvTWOoQ3c
1I/Q==
X-Gm-Message-State: ALoCoQk/mqnMT6n2antFRGEQZU0ixE4dGJJ9q9Pi55A6uRG9MfEE29kMSgkyeKWCFH6oJlJyzlB4
X-Received: by 10.13.213.86 with SMTP id x83mr4593221ywd.217.1444194497859;
Tue, 06 Oct 2015 22:08:17 -0700 (PDT)
MIME-Version: 1.0
Sender: rgrant@rgrant.org
Received: by 10.37.215.197 with HTTP; Tue, 6 Oct 2015 22:07:48 -0700 (PDT)
From: Ryan Grant <bitcoin-dev@rgrant.org>
Date: Wed, 7 Oct 2015 01:07:48 -0400
X-Google-Sender-Auth: iNyLDtxu5kX-YU4jgAKdgz9C_hs
Message-ID: <CAMnpzfpixzTgYzvhQM_v1pWg1OHWZ49oz7qd+q_7NE_Gajqx7w@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: text/plain; charset=UTF-8
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,
TO_NO_BRKTS_PCNT autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [bitcoin-dev] on rough consensus
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2015 05:08:20 -0000
Bitcoin's participants can improve their ability to stay on a valuable
and censorship resistant blockchain by individually and informally
absorbing cultural wisdom regarding "rough consensus". This does not
require writing any formal rules about what rough consensus is. It is
a matter of participation with an understanding.
https://www.ietf.org/tao.html#rfc.section.2
In many ways, the IETF runs on the beliefs of its participants.
One of the "founding beliefs" is embodied in an early quote about
the IETF from David Clark: "We reject kings, presidents and
voting. We believe in rough consensus and running code".
A June 2015 bitcoin-dev thread, arguing about consensus, included the
usual range of responses; ranging from claims that any objection must
block consensus to a definition based on US Justice Stewart's "I'll
know it when I see it". (It's funny because it's true. We can
explain it better, though.)
"Concerns Regarding Threats by a Developer to Remove Commit Access
from Other Developers"
http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-June/008772.html
An August 2015 cryptography-list thread presents the idea that rough
consensus can be used as a tool for hindering progress. The specific
threat was that two protocol options could be made to seem equally
good. To solve this example, identify that as the problem, then
engage a judgement to pick one solution "good enough" (but that does
not lead to a dead-end for other goals of the project), and go with
it. There is room, within "rough consensus", for such action to
defend against the attack; as you can see from other excerpts in this
message.
"[Cryptography] asymmetric attacks on crypto-protocols - the rough
consensus attack"
http://www.metzdowd.com/pipermail/cryptography/2015-August/026151.html
To learn about forming a useful "rough consensus", see the very
readable "Tao of the IETF", and RFC 7282.
"The Tao of the IETF"
https://www.ietf.org/tao.html
(previously RFC 4677)
RFC 7282
"On Consensus and Humming in the IETF"
https://tools.ietf.org/html/rfc7282
Strong objections don't block rough consensus:
https://www.ietf.org/tao.html#getting.things.done
Rough consensus has been defined in many ways; a simple version is
that it means that strongly held objections must be debated until
most people are satisfied that these objections are wrong.
https://tools.ietf.org/html/rfc7282
Having full consensus, or unanimity, would be ideal, but we don't
require it: Requiring full consensus allows a single intransigent
person who simply keeps saying "No!" to stop the process cold. We
only require rough consensus: If the chair of a working group
determines that a technical issue brought forward by an objector
has been truly considered by the working group, and the working
group has made an informed decision that the objection has been
answered or is not enough of a technical problem to prevent moving
forward, the chair can declare that there is rough consensus to go
forward, the objection notwithstanding.
The working group chair's responsibility is different from that of
either a vote counter or a benign dictator:
http://tools.ietf.org/html/rfc2418
Note that 51% of the working group does not qualify as "rough
consensus" and 99% is better than rough. It is up to the Chair to
determine if rough consensus has been reached.
https://tools.ietf.org/html/rfc7282
3. Rough consensus is achieved when all issues are addressed, but
not necessarily accommodated
[...]
If the chair finds, in their technical judgement, that the issue
has truly been considered, and that the vast majority of the
working group has come to the conclusion that the tradeoff is
worth making, even in the face of continued objection from the
person(s) who raised the issue, the chair can declare that the
group has come to rough consensus. (And even though this is
framed in terms of a "vast majority", even that is not
necessarily true. This point is discussed in more detail in
Sections 6 and 7.)
[...]
The chair of a working group who is about to find that there is
only rough consensus is going to have to decide that not only
has the working group taken the objection seriously, but that it
has **fully examined the ramifications** of not making a change
to accommodate it, and that the outcome does not constitute a
failure to meet the technical requirements of the work.
[...]
6. One hundred people for and five people against might not be
rough consensus
[...] one of the great strengths of using consensus over voting:
It isn't possible to use "vote stuffing" (simply recruiting a
large number of people to support a particular side, even people
who have never participated in a working group or the IETF at
all) to change the outcome of a consensus call. As long as the
chair is looking for outstanding technical objections and not
counting heads, vote stuffing shouldn't affect the outcome of
the consensus call.
7. Five people for and one hundred people against might still be
rough consensus
[...Sybil attack] it is within bounds for the chair to say, "We
have objections, but the objections have been sufficiently
answered, and the objectors seem uninterested in participating
in the discussion. Albeit rough in the extreme, there is rough
consensus to go with the current solution."
[...] it is likely that if a working group got this
dysfunctional, it would put the whole concept of coming to rough
consensus at risk. But still, the correct outcome in this case
is to look at the very weak signal against the huge background
noise in order to find the rough consensus.
Working group chairs can help direct discussion:
https://www.ietf.org/tao.html#rfc.section.4.1
Sometimes discussions get stuck on contentious points and the
chair may need to steer people toward productive interaction and
then declare when rough consensus has been met and the discussion
is over.
Some working groups segregate the role of forming a consensus from
communicating the consensus:
https://www.ietf.org/tao.html#rfc.section.4.2
Another method that some Working Groups adopt is to have a Working
Group "secretary" to handle the juggling of the documents and the
changes. The secretary can run the issue tracker if there is one,
or can simply be in charge of watching that all of the decisions
that are made on the mailing list are reflected in newer versions
of the documents.
Bitcoin Core is neither an IETF working group, nor should it aim to
curate its network protocol ruleset as one. The IETF uses a steering
group, formal variance procedures, an appeals board, and a director
(to send even higher appeals to). All of those positions could become
points of attack, if Bitcoin were to attempt to use or copy them.
That said, most IETF appeal routes are merely authorized to undo a
prior ruling of consensus, opening for reconsideration prior dismissed
points of argument (on their technical merits). In Bitcoin, if
developers know what to work on, and can speak clearly enough to the
economic majority, then the system is working; regardless of whether
any role exists taking all the responsibility that an IETF working
group chair would take.
It is absolutely the case that resolving excessive roughness in shared
consensus takes more work than either votes or dictatorship. It is
also the case that rough consensus is a good defense against
committing to decisions with subtle undesirable long-term effects.
That is why the IETF cares about it, and that same long-term threat is
important in Bitcoin's ecosystem as well.
/// References and Selected IETF Excerpts ///
"The Tao of the IETF"
https://www.ietf.org/tao.html
A 2012 continuation of 2006's RFC 4677, itself first published in
1994.
BCP 25
http://tools.ietf.org/html/rfc2418
(1998)
3.3. Session management
Working groups make decisions through a "rough consensus"
process. IETF consensus does not require that all participants
agree although this is, of course, preferred. In general, the
dominant view of the working group shall prevail. (However, it
must be noted that "dominance" is not to be determined on the
basis of volume or persistence, but rather a more general sense
of agreement.) Consensus can be determined by a show of hands,
humming, or any other means on which the WG agrees (by rough
consensus, of course). Note that 51% of the working group does
not qualify as "rough consensus" and 99% is better than rough.
It is up to the Chair to determine if rough consensus has been
reached.
In the case where a consensus, which has been reached during a
face-to-face meeting, is being **verified on a mailing list**,
the people who were in the meeting and expressed agreement must
be taken into account. If there were 100 people in a meeting
and only a few people on the mailing list disagree with the
consensus of the meeting then the consensus should be seen as
being verified. Note that enough time should be given to the
verification process for the mailing list readers to understand
and consider any objections that may be raised on the list. The
normal two week last-call period should be sufficient for this.
[...]
To facilitate making forward progress, a Working Group Chair may
wish to decide to reject or defer the input from a member, based
upon the following criteria:
- Old
The input pertains to a topic that already has been resolved
and is redundant with information previously available;
- Minor
The input is new and pertains to a topic that has already
been resolved, but it is felt to be of minor import to the
existing decision;
- Timing
The input pertains to a topic that the working group has not
yet opened for discussion; or
- Scope
The input is outside of the scope of the working group
charter.
[...]
RFC 2026
"The Internet Standards Process -- Revision 3"
http://tools.ietf.org/html/rfc2026#section-6.5
6.5 Conflict Resolution and Appeals
[...]
RFC 7282
"On Consensus and Humming in the IETF"
https://tools.ietf.org/html/rfc7282
1. Introduction
[...] our credo is that we don't let a single individual dictate
decisions (a king or president), nor should decisions be made by
a vote, nor do we want decisions to be made in a vacuum without
practical experience. Instead, we strive to make our decisions
by the consent of all participants, though allowing for some
dissent (rough consensus), and to have the actual products of
engineering (running code) trump theoretical designs.
Having full consensus, or unanimity, would be ideal, but we
don't require it: Requiring full consensus allows a single
intransigent person who simply keeps saying "No!" to stop the
process cold. We only require rough consensus: If the chair of
a working group determines that a technical issue brought
forward by an objector has been truly considered by the working
group, and the working group has made an informed decision that
the objection has been answered or is not enough of a technical
problem to prevent moving forward, the chair can declare that
there is rough consensus to go forward, the objection
notwithstanding.
2. Lack of disagreement is more important than agreement
[...] **determining** consensus and **coming to** consensus are
different things than **having** consensus [emphasis in
original].
[...]If at the end of the discussion some people have not gotten
the choice that they prefer, but they have become convinced that
the chosen solution is acceptable, albeit less appealing, they
have still come to consensus. Consensus doesn't require that
everyone is happy and agrees that the chosen solution is the
best one. Consensus is when everyone is sufficiently satisfied
with the chosen solution, such that they **no longer have
specific objections** to it.
[...] "Can anyone not live with choice A?" is more likely to
only hear from folks who think that choice A is impossible to
engineer given some constraints. Following up with, "What are
the reasons you object to choice A?" is also essential.
[...]
There is also an important point to be made about reaching
consensus and "compromising": Unfortunately, the word
"compromise" gets used in two different ways, and though one
sort of compromising to come to consensus is good (and
important), the other sort of compromising in order to achieve
consensus can actually be harmful. As mentioned earlier,
engineering always involves balancing tradeoffs, and figuring
out whether one engineering decision makes more sense on balance
compared to another involves making engineering "compromises":
We might have to compromise processor speed for lower power
consumption, or compromise throughput for congestion resistance.
Those sorts of compromises are among **engineering choices**,
and they are **expected and essential**. We always want to be
weighing tradeoffs and collectively choosing the set that best
meets the full set of requirements.
However, there is another sense of "compromise" that involves
compromising between people, not engineering principles. For
example, a minority of a group might object to a particular
proposal, and even after discussion still think the proposal is
deeply problematic, but decide that they don't have the energy
to argue against it and say, "Forget it, do what you want".
That surely can be called a compromise, but a chair might
mistakenly take this to mean that they agree, and have therefore
come to consensus. But really all that they've done is
capitulated; they've simply given up by trying to appease the
others. That's not coming to consensus; there still exists an
outstanding unaddressed objection. Again, if the objection is
only that the choice is not ideal but is otherwise acceptable,
such a compromise is fine. But **conceding** when there is a
real outstanding technical objection **is not coming to
consensus**.
[...]
Coming to consensus is when everyone (including the person
making the objection) comes to the conclusion that either the
objections are valid, and therefore make a change to address the
objection, or that the objection was not really a matter of
importance, but **merely a matter of taste**. Of course, coming
to full consensus like that does not always happen. That's why
in the IETF, we talk about "rough consensus".
3. Rough consensus is achieved when all issues are addressed, but
not necessarily accommodated
[...]
If the chair finds, in their technical judgement, that the issue
has truly been considered, and that the vast majority of the
working group has come to the conclusion that the tradeoff is
worth making, even in the face of continued objection from the
person(s) who raised the issue, the chair can declare that the
group has come to rough consensus. (And even though this is
framed in terms of a "vast majority", even that is not
necessarily true. This point is discussed in more detail in
Sections 6 and 7.)
[...]
The chair of a working group who is about to find that there is
only rough consensus is going to have to decide that not only
has the working group taken the objection seriously, but that it
has **fully examined the ramifications** of not making a change
to accommodate it, and that the outcome does not constitute a
failure to meet the technical requirements of the work.
In order to do this, the chair will need to have a good idea of
the purpose and architecture of the work being done, perhaps
referring to the charter of the working group or a previously
published requirements document, or even consulting with other
experts on the topic, and then the chair will use **their own
technical judgement** to make sure that the solution meets those
requirements. It is possible that the chair can come to the
wrong conclusion, and the chair's conclusion is always
appealable should that occur, but the chair must use their
judgement in these cases. What can't happen is that the chair
bases their decision solely on hearing a large number of voices
simply saying, "The objection isn't valid." That would simply
be to take a vote. A **valid justification needs to me made**.
[...] Indeed, RFC 2418 adds on to [old talk of balloting] by
stating, "Note that 51% of the working group does not qualify as
'rough consensus' and 99% is better than rough." This document
actually disagrees with the idea that simply balloting or
otherwise looking at percentages can "determine" consensus.
While counting heads might give a good guess as to what the
rough consensus will be, doing so can allow important minority
views to get lost in the noise. One of the strengths of a
consensus model is that minority views are addressed, and using
a rough consensus model should not take away from that. That is
why this document talks a great deal about looking at open
issues rather than just counting the number of people who do or
do not support any given issue. Doing so has some interesting
and surprising implications that are discussed in subsequent
sections.
Any finding of rough consensus needs, at some level, to provide
a **reasoned explanation** to the person(s) raising the issue of
why their concern is not going to be accommodated. A good
outcome is for the objector to **understand the decision taken
and accept the outcome**, even though their particular issue is
not being accommodated in the final product.
Remember, if the objector feels that the issue is so essential
that it must be attended to, they always have the option to file
an appeal. A technical error is always a valid basis for an
appeal. [...]
4. Humming should be the start of a conversation, not the end
[...] a show of hands might leave the impression that the number
of people matters in some formal way.
5. Consensus is the path, not the destination
We don't try to reach consensus in the IETF as an end in itself.
We use consensus-building as a tool to get to the best technical
(and sometimes procedural) outcome when we make decisions.
Experience has shown us that traditional voting leads to gaming
of the system, "compromises" of the wrong sort as described
earlier, important minority views being ignored, and, in the
end, worse technical outcomes.
6. One hundred people for and five people against might not be
rough consensus
[...] one of the great strengths of using consensus over voting:
It isn't possible to use "vote stuffing" (simply recruiting a
large number of people to support a particular side, even people
who have never participated in a working group or the IETF at
all) to change the outcome of a consensus call. As long as the
chair is looking for outstanding technical objections and not
counting heads, vote stuffing shouldn't affect the outcome of
the consensus call.
[...]
Even if no particular person is still standing up for an issue,
that doesn't mean an issue can be ignored. As discussed
earlier, simple capitulation on an issue is not coming to
consensus. But even in a case where someone who is not an
active participant, who might not care much about the fate of
the work, raises a substantive issue and subsequently
disappears, the issue needs to be addressed before the chair can
claim that rough consensus exists.
7. Five people for and one hundred people against might still be
rough consensus
[...Sybil attack] it is within bounds for the chair to say, "We
have objections, but the objections have been sufficiently
answered, and the objectors seem uninterested in participating
in the discussion. Albeit rough in the extreme, there is rough
consensus to go with the current solution."
[...] it is likely that if a working group got this
dysfunctional, it would put the whole concept of coming to rough
consensus at risk. But still, the correct outcome in this case
is to look at the very weak signal against the huge background
noise in order to find the rough consensus.
9. Security Considerations
"He who defends with love will be secure." -- Lao Tzu
|
