Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id B3F68C002D for ; Mon, 5 Dec 2022 17:26:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 8E9824038B for ; Mon, 5 Dec 2022 17:26:28 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 8E9824038B Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=synonym-to.20210112.gappssmtp.com header.i=@synonym-to.20210112.gappssmtp.com header.a=rsa-sha256 header.s=20210112 header.b=WTcUX4jK X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EMWTiMR497wQ for ; Mon, 5 Dec 2022 17:26:27 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 1433B40193 Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) by smtp2.osuosl.org (Postfix) with ESMTPS id 1433B40193 for ; Mon, 5 Dec 2022 17:26:26 +0000 (UTC) Received: by mail-il1-x135.google.com with SMTP id o13so5386154ilc.7 for ; Mon, 05 Dec 2022 09:26:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=synonym-to.20210112.gappssmtp.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=yUhBc3mgnEmgvxytaFMfvS0tvcbK3XFTNFqUniUUp18=; b=WTcUX4jKPRjhy7aglazP4iSXj2TOx8w+qHOyP1cvKUBPODWEDB05WMwC/1PLKeCqmT M7eJGBKDMRy8FuFuTHhhH8raiVW3jongDwINwvQ0GD7q0JE5vbGlc0ijtRmyInKmlZ2C fIaQmmMO0OqDcQO+kPIjTAUdMBE17mX2FHzds9QcBTvZnyfed8PhVKf+x4gJphFPigoJ 3KL/srLj4NKYqIxqvu4dasFBEBt0B9lNgxVidjUZVI/cYFD/FlLqbUfBwW+CoSetky7I KHAt65wJMqbUJJDyy6f8mQki4rAC1/8QefwovlhIYejS1PefRyW3X+C+ixt8lBwBHujd HGyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yUhBc3mgnEmgvxytaFMfvS0tvcbK3XFTNFqUniUUp18=; b=WGws1OdJzECIPc1NlYhqlAUAswaqTFbRdE1pll14ATIeUoykQIyppYxlRq7nbBau+K odOl2oRzS67URJC1g/+T9PMo2GZUcaCnScU2NnKMSr7NCrCC7rTtHfvT+SxTfwvSyk7z UvV4sFp67xLgGC+1/SUeq0HtS5AugS0TW2a8DD53j6GKkbCiEb2kKmToNLTWjy3SW902 6CDl/S/ld40Ti93JH/dCI/0NdkGxEJ8IGn8Cy0wsjKGS9DHnWZCEum9Ss8R2G7v3sN24 rNRph8gHrQ/r5jUSmt3UJJALrds0r1Py16dxI9WEpGoAV+o4qJv34bRXC3C7PeDrLAKK 2dXg== X-Gm-Message-State: ANoB5pk6NNZNcAB91i/Or/jCqnp4bzVs96R6qK3SiwcajSg9iUugaHs+ ieNUX1EN4F5RdDwXh5orYKdiQolVQ33EKVmO39b2hgsNNzrjszG0 X-Google-Smtp-Source: AA0mqf7I3Vgf9oBC6uc2JwOt/x3lxZPozLVQjJWfH23h0Xm/7+BbVWdCgafl0/WYHwJO5f0JEA3fD0060QpqAWIm+qs= X-Received: by 2002:a05:6e02:1c25:b0:303:3ce6:bb22 with SMTP id m5-20020a056e021c2500b003033ce6bb22mr7462207ilh.138.1670261185450; Mon, 05 Dec 2022 09:26:25 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: John Carvalho Date: Mon, 5 Dec 2022 17:26:14 +0000 Message-ID: To: bitcoin-dev@lists.linuxfoundation.org, antoine.riard@gmail.com Content-Type: multipart/alternative; boundary="000000000000a4330a05ef17fcf4" X-Mailman-Approved-At: Mon, 05 Dec 2022 18:57:59 +0000 Subject: Re: [bitcoin-dev] bitcoin-dev Digest, Vol 91, Issue 5 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Dec 2022 17:26:28 -0000 --000000000000a4330a05ef17fcf4 Content-Type: text/plain; charset="UTF-8" Antoine, > In the direction of removing the current option from Bitcoin Core, I think > the prerequisite to address are the qualification of enough economic flows > at risk and the presence of a sizable loss in miners income. Are such prerequisites for feature removal published somewhere? I don't see any reason why removing a controversial change should be harder than adding one. Generally, it is impossible to definitively attribute any change in network condition to one thing in such a complex system, and also difficult to know how much time is required to express negative effects. The whole argument here is to prevent disruption of the status quo that has lasted the whole history of Bitcoin, to avoid taking a speculative risk that full-RBF, at the expense of zero-conf, is maybe better for miners... or something. Further, I feel the mempoolfullrbf feature was rushed through while this controversy was growing, specifically to attempt to achieve this imaginary protection of "sorry, that ship has sailed" which indicates an agenda that is counter to greater social consensus and status quo. We should not incentivize such behavior further by allowing this sort of feature sainthood. Beyond that, I think there is still the open question if we (we, as the > Bitcoin protocol development community, with all its stakeholders) should > restrain user choice in policy settings in the name of preserving mining > income and established use-case stability. Removing the mempoolfullrbf feature is the opposite of restraining user choice. First, any incentivized user can still create and distribute patches for any given mempool policy, regardless of whether we remove the feature from Core, but it is important to note that extremely few have felt the need to do so in the past. Second, the very debate here is about how it is mempoolfullrbf that removes the user choice of zero-conf services. With a first-seen policy in place, users have *more* options, and Bitcoin is thus more useful, and thus more valuable to everyone. This is evident in that the feature of full-rbf is that it overrides any ability for users to signal intent of how they wish their transaction to be handled by nodes and miners. This is useful info to miners, as they make more money by facilitating use cases than by fee-minimizers painting everything as RBF. User-signaling is a useful feature for the mempool, full-RBF removes that feature. Third, when Bitcoin Core adds special support for specific policies, it positions itself as a political authority and influencer. It is not Core's place to support one subjective policy more than another, particularly when it conflicts with years of status quo and breaks the current user space, and likely resulting in more doublespent user experiences. To recall, the original technical motivation of this option, and the wider > smoother deployment was to address a DoS vector affecting another class of > use-case: multi-party transactions like coinjoin and contracting protocols > like Lightning [2] [3]. All of them expect to generate economic flows and > corresponding mining income. Since then, alternative paths to solve this > DoS vector have been devised, all with their own trade-offs and conceptual > issues [4] [5]. I am particularly skeptical that users sending Bitcoin to themselves (coinjoin) could ever be more incentive-compatible than fast-paced commerce & priority competition. I am also skeptical that mempoolfullrbf actually solves LN risks any better than opt-in RBF by default by LN implementations and wallets. Further, zero-conf support reduces friction for LN adoption by allowing us to make instant, seamless UX within wallets when onboarding, rebalancing, and splicing. -- John Carvalho CEO, Synonym.to > > Date: Fri, 2 Dec 2022 17:35:39 -0500 > From: Antoine Riard > To: Bitcoin Protocol Discussion > > Subject: [bitcoin-dev] Fwd: [Opt-in full-RBF] Zero-conf apps in > immediate danger > Message-ID: > < > CALZpt+HFFwY4XECNZj3XLqnaumPeDjrwvnCsRa3vsGQfuXn8wA@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hi Daniel, > > >From my understanding of GAP600, you're operating a zero-conf risk > analysis > business, which is integrated and leveraged by payment processors/liquidity > providers and merchants. A deployment of fullrbf by enough full-node > operators and a subset of the mining hashrate would lower the cost of > double-spend attack by lamda users, therefore increasing the risk exposure > of your users. This increased risk exposure could lead you to alter the > acceptance of incoming zero-conf transactions, AFAICT in a similar > reasoning as exposed by Bitrefill earlier this year [0]. > > About the statistics you're asking for considerations, few further > questions, on those 1.5M transactions per month, a) how many are > Bitcoin-only (as I understand to be multi-cryptocurrencies), b) how many > are excluded from zeroconf due to factors like RBF, long-chain of > unconfirmed ancestors or too high-value and c) what has been the average > feerate (assuming a standard size of 200 bytes) ? > > My personal position on fullrbf is still the same as expressed in #26525 > [1]. As a community, I think we still don't have conceptual consensus on > deploying full-rbf, nor to remove it. In the direction of removing the > current option from Bitcoin Core, I think the prerequisite to address are > the qualification of enough economic flows at risk and the presence of a > sizable loss in miners income. Beyond that, I think there is still the open > question if we (we, as the Bitcoin protocol development community, with all > its stakeholders) should restrain user choice in policy settings in the > name of preserving mining income and established use-case stability. > > To recall, the original technical motivation of this option, and the wider > smoother deployment was to address a DoS vector affecting another class of > use-case: multi-party transactions like coinjoin and contracting protocols > like Lightning [2] [3]. All of them expect to generate economic flows and > corresponding mining income. Since then, alternative paths to solve this > DoS vector have been devised, all with their own trade-offs and conceptual > issues [4] [5]. > > Best, > Antoine > --000000000000a4330a05ef17fcf4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Antoine,
=C2=A0
In the direction of removing the current option= from Bitcoin Core, I think the prerequisite to address are the qualificati= on of enough economic flows at risk and the presence of a sizable loss in m= iners income.=C2=A0

Are such pr= erequisites for feature removal published somewhere? I don't see any re= ason why removing a controversial change should=C2=A0be harder than adding = one. Generally, it is impossible to definitively attribute any change in ne= twork condition to one thing in such a complex system, and also difficult t= o know how much time is required to express negative effects. The whole arg= ument here is to prevent disruption of the status quo that has lasted the w= hole history of Bitcoin, to avoid taking a speculative risk that full-RBF, = at the expense of zero-conf, is maybe better for miners... or something.

Further, I feel the mempoolfullrbf=C2=A0feature was = rushed through while this controversy was growing, specifically to attempt = to achieve this imaginary protection of "sorry, that ship has sailed&q= uot; which indicates an agenda that is counter to greater social consensus = and status quo. We should not incentivize such behavior further by allowing= this sort of feature sainthood.=C2=A0

Beyond that, I think there is still the o= pen question if we (we, as the Bitcoin protocol development community, with= all its stakeholders) should restrain user choice in policy settings in th= e name of preserving mining income and established use-case stability.

Removing the mempoolfullrbf feature= is the opposite of restraining user choice.=C2=A0

First, any incentivized user can still create and distribute patches for a= ny given mempool policy, regardless of whether we remove the feature from C= ore, but it is important to note that extremely few have felt the need to d= o so in the past.

Second, the very debate here is = about how it is mempoolfullrbf that removes the user choice of zero-conf se= rvices. With a first-seen policy in place, users have *more* options, and B= itcoin is thus more useful, and thus more valuable to everyone. This is evi= dent in that the feature of full-rbf is that it overrides any ability for u= sers to signal intent of how they wish their transaction to be handled by n= odes and miners. This is useful info to miners, as they make more money by = facilitating use cases than by fee-minimizers painting everything as RBF. U= ser-signaling is a useful feature for the mempool, full-RBF removes that fe= ature.

Third, when Bitcoin Core adds special suppo= rt for specific policies, it positions itself as a political authority and = influencer. It is not Core's place to support one subjective policy mor= e than another, particularly when it conflicts with years of status quo and= breaks the current user space, and likely resulting in more doublespent us= er experiences.

To recall, the original technical motivation of this option, and= the wider smoother deployment was to address a DoS vector affecting anothe= r class of use-case: multi-party transactions like coinjoin and contracting= protocols like Lightning [2] [3]. All of them expect to generate economic = flows and corresponding mining income. Since then, alternative paths to sol= ve this DoS vector have been devised, all with their own trade-offs and con= ceptual issues [4] [5].

I am particularly skeptical that users sending Bitcoin to themselves (= coinjoin) could ever be more incentive-compatible than fast-paced commerce = & priority competition. I am also skeptical that mempoolfullrbf actuall= y solves LN risks any better than opt-in RBF by default by LN implementatio= ns and wallets.=C2=A0

Furt= her, zero-conf support reduces friction for LN adoption by allowing us to m= ake instant, seamless UX within wallets when onboarding, rebalancing, and s= plicing.=C2=A0

--
John Carvalho
C= EO,=C2=A0Synonym.to




Date: Fri, 2 Dec 2022 17:35:39 -0500
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Protocol Discussion
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <bitcoin-dev@lists.linuxfoundation.org&g= t;
Subject: [bitcoin-dev] Fwd: [Opt-in full-RBF] Zero-conf apps in
=C2=A0 =C2=A0 =C2=A0 =C2=A0 immediate=C2=A0 =C2=A0 =C2=A0 =C2=A0danger
Message-ID:
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <CALZpt+HFFwY= 4XECNZj3XLqnaumPeDjrwvnCsRa3vsGQfuXn8wA@mail.gmail.com>
Content-Type: text/plain; charset=3D"utf-8"

Hi Daniel,

>From my understanding of GAP600, you're operating a zero-conf risk = analysis
business, which is integrated and leveraged by payment processors/liquidity=
providers and merchants. A deployment of fullrbf by enough full-node
operators and a subset of the mining hashrate would lower the cost of
double-spend attack by lamda users, therefore increasing the risk exposure<= br> of your users. This increased risk exposure could lead you to alter the
acceptance of incoming zero-conf transactions, AFAICT in a similar
reasoning as exposed by Bitrefill earlier this year [0].

About the statistics you're asking for considerations, few further
questions, on those 1.5M transactions per month, a) how many are
Bitcoin-only (as I understand to be multi-cryptocurrencies), b) how many are excluded from zeroconf due to factors like RBF, long-chain of
unconfirmed ancestors or too high-value and c) what has been the average feerate (assuming a standard size of 200 bytes) ?

My personal position on fullrbf is still the same as expressed in #26525 [1]. As a community, I think we still don't have conceptual consensus o= n
deploying full-rbf, nor to remove it. In the direction of removing the
current option from Bitcoin Core, I think the prerequisite to address are the qualification of enough economic flows at risk and the presence of a sizable loss in miners income. Beyond that, I think there is still the open=
question if we (we, as the Bitcoin protocol development community, with all=
its stakeholders) should restrain user choice in policy settings in the
name of preserving mining income and established use-case stability.

To recall, the original technical motivation of this option, and the wider<= br> smoother deployment was to address a DoS vector affecting another class of<= br> use-case: multi-party transactions like coinjoin and contracting protocols<= br> like Lightning [2] [3]. All of them expect to generate economic flows and corresponding mining income. Since then, alternative paths to solve this DoS vector have been devised, all with their own trade-offs and conceptual<= br> issues [4] [5].

Best,
Antoine
--000000000000a4330a05ef17fcf4--