Return-Path: Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 59CF4C000B; Sun, 13 Feb 2022 06:09:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 3AAF760AFC; Sun, 13 Feb 2022 06:09:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp3.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=tutanota.de Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xnlb1yaJvGMy; Sun, 13 Feb 2022 06:09:08 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from w1.tutanota.de (w1.tutanota.de [81.3.6.162]) by smtp3.osuosl.org (Postfix) with ESMTPS id DE011606BF; Sun, 13 Feb 2022 06:09:07 +0000 (UTC) Received: from w3.tutanota.de (unknown [192.168.1.164]) by w1.tutanota.de (Postfix) with ESMTP id CEEDAFBF8C3; Sun, 13 Feb 2022 06:09:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1644732545; s=s1; d=tutanota.de; h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender; bh=hMnGplEQwpNo0cS1E3U6ciX2tuOHvXDkB14gxpu0vVI=; b=r0X7Hgl/0v5gk11+ZaHwFol9zMUqEW1z4B+Z4goInHaWuQG/jNU9tU0eJj8VZX3y BjTM987JaY1PWlVA0mcmv7tR45VVSB/3SEuSjQ+c9IXRKepUb55o/tQxgh+dLNCYwkU 4W3CS9DkBmcWUUaHu3dvyDOc5vSPPkdc16X6kVteFgypf1pl3mbHCac4pa854VxSNHI 8wLlGnloFEcCG0j12BvaNNWgM14y38f607kIKa+XumR2/5uMEYA4wRMD6G/Vjl0KYl3 PrGnX2rZSn8FvNwDcDZDy7jiJELqVPmakgfeGsqkPEPXiUbUWdxrhEI8oyDeDvSHBpu w/vA/+opAg== Date: Sun, 13 Feb 2022 07:09:05 +0100 (CET) From: Prayank To: Bitcoin Dev Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_169847_1641830401.1644732545829" X-Mailman-Approved-At: Sun, 13 Feb 2022 08:44:10 +0000 Cc: Lightning Dev Subject: [bitcoin-dev] Lightning and other layer 2 projects with multiple RBF policies X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Feb 2022 06:09:09 -0000 ------=_Part_169847_1641830401.1644732545829 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Hello World, There was a discussion about improving fee estimation in Bitcoin Core last year in which 'instagibbs' mentioned that we cannot consider mempool as an orderbook in which which everyone is bidding for block space because nodes can use different relay policies: https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-09-22#706294; Although I still don't consider fee rates used in last few blocks relevant for fee estimation, it is possible that we have nodes with different relay policies. Similarly if we have different RBF policies being used by nodes in future, how would this affect the security of lightning network implementations and other layer 2 projects? Based on the things shared by 'aj' in https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-February/019846.html it is possible for an attacker to use a different RBF policy with some nodes, 10% hash power and affect the security of different projects that rely on default RBF policy in latest Bitcoin Core. There was even a CVE in which RBF policy not being documented according to the implementation could affect the security of LN: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html 1.Is Lightning Network and a few other layer 2 projects vulnerable to multiple RBF policies being used? 2.With recent discussion to change things in default RBF policy used by Core, will we have multiple versions using different policies? Are users and especially miners incentivized to use different versions and policies? Do they have freedom to use different RBF policy? 3.Are the recent improvements suggested for RBF policy only focused on Lightning Network and its security which will anyway remain same or become worse with multiple RBF policies? Note: Bitcoin Knots policy is fully configurable, even in the GUI - users can readily choose whatever policy *they* want. -- Prayank A3B1 E430 2298 178F ------=_Part_169847_1641830401.1644732545829 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello World,

Th= ere was a discussion about improving fee estimation in Bitcoin Core last ye= ar in which 'instagibbs' mentioned that we cannot consider mempool as an or= derbook in which which everyone is bidding for block space because nodes ca= n use different relay policies: https://bitcoin-irc.chaincode.com/bitcoin-c= ore-dev/2021-09-22#706294;

Although I still don't consider fee rates used in last few blocks re= levant for fee estimation, it is possible that we have nodes with different= relay policies.

Similarly if we have different RBF policies being used by nodes in future= , how would this affect the security of lightning network implementations a= nd other layer 2 projects?

Based on the thing= s shared by 'aj' in
https://lists.linuxfoundation.org/pipermail/b= itcoin-dev/2022-February/019846.html it is possible for an attacker to use = a different RBF policy with some nodes, 10% hash power and affect the secur= ity of different projects that rely on default RBF policy in latest Bitcoin= Core.

There was even a CVE in which RBF policy not being documented= according to the implementation could affect the security of LN:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/0188= 93.html

1.Is Lightni= ng Network and a few other layer 2 projects vulnerable to multiple RBF poli= cies being used?

2.= With recent discussion to change things in default RBF policy used by Core,= will we have multiple versions using different policies? Are users and esp= ecially miners incentivized to use different versions and policies? Do they= have freedom to use different RBF policy?

<= /div>
3.Are the recent improvements suggested for RBF poli= cy only focused on Lightning Network and its security which will anyway rem= ain same or become worse with multiple RBF policies?

Note: Bitcoin Knots policy is fully configurable, even = in the GUI - users can readily choose whatever policy *they* want.

--
Prayank
<= br>
A3B1 E430 2298 178F
------=_Part_169847_1641830401.1644732545829--