Return-Path: Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id B6891C077D for ; Tue, 14 Jan 2020 19:22:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id A630D85FEF for ; Tue, 14 Jan 2020 19:22:55 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Qz-TnrJmNdb for ; Tue, 14 Jan 2020 19:22:49 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.as397444.net (mail.as397444.net [69.59.18.99]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 2FA5285FEB for ; Tue, 14 Jan 2020 19:22:49 +0000 (UTC) Received: from [10.233.42.100] (unknown [69.59.18.156]) by mail.as397444.net (Postfix) with ESMTPSA id 60C1016AF8A; Tue, 14 Jan 2020 19:22:47 +0000 (UTC) To: Luke Dashjr , bitcoin-dev@lists.linuxfoundation.org References: <4a132f8a-22e3-8e31-e338-bed9ef46d2ef@mattcorallo.com> <202001102337.53397.luke@dashjr.org> From: Matt Corallo Message-ID: Date: Tue, 14 Jan 2020 19:22:47 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <202001102337.53397.luke@dashjr.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [bitcoin-dev] Modern Soft Fork Activation X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 19:22:55 -0000 Good thing no one is proposing a naive BIP 9 approach :). I'll note that BIP 9 has been fairly robust (spy-mining issues notwithstanding, which we believe are at least largely solved in the wild) in terms of safety, though I noted extensively in the first mail that it failed in terms of misunderstanding the activation parameters. I think the above proposal largely solves that, and I don't see much in the way of arguing that point from you, here. As an aside, BIP 9 is also the Devil We Know, which carries a lot of value, since we've found (and addressed) direct issues with it, whereas all other activation methods we have ~0 experience with in the modern Bitcoin network. On 1/10/20 11:37 PM, Luke Dashjr wrote: > I think BIP 9 is a proven failure, and flag day softforks have their own > problems: > > A) There is no way to unambiguously say "the rules for this chain are > ". It leaves the chain in a kind of "quantum state" where the rules > could be one thing, or could be another. Until the new rules are violated, we > do not know if the softfork was a success or not. Because of this, people > will rightly shy away from relying on the new rules. This problem is made > worse by the fact that common node policies might not produce blocks which > violate the rules. If we had gone with BIP149 for Segwit, it is IMO probable > we would still not have a clear answer today to "Is Segwit active or not?" > > B) Because of (A), there is also no clear way to intentionally reject the > softfork. Those who do not consent to it are effectively compelled to accept > it anyway. While it is usually possible to craft an opposing softfork, this > should IMO be well-defined and simple to do (including a plan to do so in any > BIP9-alike spec). > > For these reasons, in 2017, I proposed revising BIP 8 with a mandatory signal, > similar to how BIP148 worked: https://github.com/bitcoin/bips/pull/550 > However, the author of BIP 8 has since vanished, and because we had no > immediate softfork plans, efforts to move this forward were abandoned > temporarily. It seems like a good time to resume this work. > > In regard to your goal #3, I would like to note that after the mandatory > signal period, old miners could resume mining unchanged. This means there is > a temporary loss of hashrate to the network, but I think it is overall better > than the alternatives. The temporary loss of income from invalid blocks will > also give affected miners a last push to upgrade, hopefully improving the > long run security of the network hashrate. > > Luke > > (P.S. As for your #1, I do think it is oversimplified in some cases, but we > should leave that for later discussion when it actually becomes relevant.)