Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YsGzM-0004dW-Ug for bitcoin-development@lists.sourceforge.net; Tue, 12 May 2015 20:41:16 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.213.177 as permitted sender) client-ip=209.85.213.177; envelope-from=gappleto97@gmail.com; helo=mail-ig0-f177.google.com; Received: from mail-ig0-f177.google.com ([209.85.213.177]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YsGzL-0006bx-RP for bitcoin-development@lists.sourceforge.net; Tue, 12 May 2015 20:41:16 +0000 Received: by igbpi8 with SMTP id pi8so120345031igb.1 for ; Tue, 12 May 2015 13:41:10 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.50.176.137 with SMTP id ci9mr6296916igc.2.1431463270474; Tue, 12 May 2015 13:41:10 -0700 (PDT) Received: by 10.107.165.21 with HTTP; Tue, 12 May 2015 13:41:10 -0700 (PDT) Received: by 10.107.165.21 with HTTP; Tue, 12 May 2015 13:41:10 -0700 (PDT) In-Reply-To: References: <20150512171640.GA32606@savin.petertodd.org> Date: Tue, 12 May 2015 16:41:10 -0400 Message-ID: From: gabe appleton To: Jeff Garzik Content-Type: multipart/alternative; boundary=089e0111e0dabf1a560515e88382 X-Spam-Score: -0.3 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gappleto97[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (gappleto97[at]gmail.com) 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YsGzL-0006bx-RP Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Proposed additional options for pruned nodes X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2015 20:41:17 -0000 --089e0111e0dabf1a560515e88382 Content-Type: text/plain; charset=UTF-8 I suppose this begs two questions: 1) why not have a partial archive store the most recent X% of the blockchain by default? 2) why not include some sort of torrent in QT, to mitigate this risk? I don't think this is necessarily a good idea, but I'd like to hear the reasoning. On May 12, 2015 4:11 PM, "Jeff Garzik" wrote: > True. Part of the issue rests on the block sync horizon/cliff. There is > a value X which is the average number of blocks the 90th percentile of > nodes need in order to sync. It is sufficient for the [semi-]pruned nodes > to keep X blocks, after which nodes must fall back to archive nodes for > older data. > > There is simply far, far more demand for recent blocks, and the demand for > old blocks very rapidly falls off. > > There was even a more radical suggestion years ago - refuse to sync if too > old (>2 weeks?), and force the user to download ancient data via torrent. > > > > On Tue, May 12, 2015 at 1:02 PM, Gregory Maxwell > wrote: > >> On Tue, May 12, 2015 at 7:38 PM, Jeff Garzik wrote: >> > One general problem is that security is weakened when an attacker can >> DoS a >> > small part of the chain by DoS'ing a small number of nodes - yet the >> impact >> > is a network-wide DoS because nobody can complete a sync. >> >> It might be more interesting to think of that attack as a bandwidth >> exhaustion DOS attack on the archive nodes... if you can't get a copy >> without them, thats where you'll go. >> >> So the question arises: does the option make some nodes that would >> have been archive not be? Probably some-- but would it do so much that >> it would offset the gain of additional copies of the data when those >> attacks are not going no. I suspect not. >> >> It's also useful to give people incremental ways to participate even >> when they can't swollow the whole pill; or choose to provide the >> resource thats cheap for them to provide. In particular, if there is >> only two kinds of full nodes-- archive and pruned; then the archive >> nodes take both a huge disk and bandwidth cost; where as if there are >> fractional then archives take low(er) bandwidth unless the fractionals >> get DOS attacked. >> > > > > -- > Jeff Garzik > Bitcoin core developer and open source evangelist > BitPay, Inc. https://bitpay.com/ > --089e0111e0dabf1a560515e88382 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I suppose this begs two questions:

1) why not have a partial archive store the most recent X% o= f the blockchain by default?

2) why not include some sort of torrent in QT, to mitigate t= his risk? I don't think this is necessarily a good idea, but I'd li= ke to hear the reasoning.

On May 12, 2015 4:11 PM, "Jeff Garzik"= <jgarzik@bitpay.com> wrote= :
T= rue.=C2=A0 Part of the issue rests on the block sync horizon/cliff.=C2=A0 T= here is a value X which is the average number of blocks the 90th percentile= of nodes need in order to sync.=C2=A0 It is sufficient for the [semi-]prun= ed nodes to keep X blocks, after which nodes must fall back to archive node= s for older data.

There is simply far, far more demand f= or recent blocks, and the demand for old blocks very rapidly falls off.
=

There was even a more radical suggestion years ago - re= fuse to sync if too old (>2 weeks?), and force the user to download anci= ent data via torrent.



On Tue, May 12, 2015 at= 1:02 PM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
On Tue, May 12, 2015 at 7:38 PM, Jeff Ga= rzik <jgarzik@bi= tpay.com> wrote:
> One general problem is that security is weakened when an attacker can = DoS a
> small part of the chain by DoS'ing a small number of nodes - yet t= he impact
> is a network-wide DoS because nobody can complete a sync.

It might be more interesting to think of that attack as a bandwidth<= br> exhaustion DOS attack on the archive nodes... if you can't get a copy without them, thats where you'll go.

So the question arises: does the option make some nodes that would
have been archive not be? Probably some-- but would it do so much that
it would offset the gain of additional copies of the data when those
attacks are not going no. I suspect not.

It's also useful to give people incremental ways to participate even when they can't swollow the whole pill; or choose to provide the
resource thats cheap for them to provide.=C2=A0 In particular, if there is<= br> only two kinds of full nodes-- archive and pruned; then the archive
nodes take both a huge disk and bandwidth cost; where as if there are
fractional then archives take low(er) bandwidth unless the fractionals
get DOS attacked.



--
Jeff Ga= rzik
Bitcoin core developer and open source evangelist
BitPay, Inc. = =C2=A0 =C2=A0 =C2=A0https= ://bitpay.com/
--089e0111e0dabf1a560515e88382--