From: Greg Sanders <gsanders87@gmail.com>
Date: Wed, 19 Oct 2022 12:08:19 -0400
Message-ID: <CAB3F3DvH+SKC3x3-qzeQ0mGUMwm8=TH9WObQWVnsp=65autJNA@mail.gmail.com>
To: Sergej Kotliar <sergej@bitrefill.com>, 
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="00000000000084003805eb656b91"
Subject: Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate danger

--00000000000084003805eb656b91
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Another downside is that the sender may not opt into a non-pinnable future
format like "V3 transactions", making CPFP difficult. They may spend a lot
of fees to do this however, so maybe we're really reaching here.

On Wed, Oct 19, 2022 at 12:07 PM Sergej Kotliar via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> It's an interesting idea, presumably it would work w the new package relay.
> Scorched earth bidding war is definitely fine to deter this type of abuse.
> Need to consider it more thoroughly from all sides tho. CPFP on the server
> side generally has a couple of downsides:
> * Requires a hot wallet to receive bitcoin
> * an entity that is reliably known to do CPFP can be abused by people
> looking to consolidate utxos, which can be quite costly. Might be solvable
> with a set of conditionals, and bad UX for abusers is less of a concern :)
>
> Will follow up after more deliberation, thanks!
>
>
> On Wed, 19 Oct 2022 at 17:43, Jeremy Rubin <jeremy.l.rubin@gmail.com>
> wrote:
>
>> If they do this to you, and the delta is substantial, can't you sweep all
>> such abusers with a cpfp transaction replacing their package and giving you
>> the original txn?
>>
>> On Wed, Oct 19, 2022, 7:33 AM Sergej Kotliar via bitcoin-dev <
>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>> Hi all,
>>>
>>> Chiming in on this thread as I feel like the real dangers of RBF as
>>> default policy aren't sufficiently elaborated here. It's not only about the
>>> zero-conf (I'll get to that) but there is an even bigger danger called the
>>> American call option, which risks endangering the entirety of BIP21 "Scan
>>> this QR code with your wallet to buy this product" model that I believe
>>> we've all come to appreciate. Specifically, in a scenario with high
>>> volatility and many transactions in the mempools (which is where RBF would
>>> come in handy), a user can make a low-fee transaction and then wait for
>>> hours, days or even longer, and see whether BTCUSD moves. If BTCUSD moves
>>> up, user can cancel his transaction and make a new - cheaper one. The
>>> biggest risk in accepting bitcoin payments is in fact not zeroconf risk
>>> (it's actually quite easily managed), it's FX risk as the merchant must
>>> commit to a certain BTCUSD rate ahead of time for a purchase. Over time
>>> some transactions lose money to FX and others earn money - that evens out
>>> in the end. But if there is an _easily accessible in the wallet_ feature to
>>> "cancel transaction" that means it will eventually get systematically
>>> abused. A risk of X% loss on many payments that's easy to systematically
>>> abuse is more scary than a rare risk of losing 100% of one occasional
>>> payment. It's already possible to execute this form of abuse with opt-in
>>> RBF, which may lead to us at some point refusing those payments (even with
>>> confirmation) or cumbersome UX to work around it, such as crediting the
>>> bitcoin to a custodial account.
>>>
>>> To compare zeroconf risk with FX risk: I think we've had one incident in
>>> 8 years of operation where a user successfully fooled our server to accept
>>> a payment that in the end didn't confirm. To successfully fool (non-RBF)
>>> zeroconf one needs to have access to mining infrastructure and probability
>>> of success is the % of hash rate controlled. This is simply due to the fact
>>> that the network currently won't propagate the replacement transaction to
>>> the miner, which is what's being discussed here. American call option risk
>>> would however be available to 100% of all users, needs nothing beyond the
>>> wallet app, and has no cost to the user - only upside.
>>>
>>> Bitrefill currently processes 1500-2000 onchain payments every day. For
>>> us, a world where bitcoin becomes de facto RBF by default, means that we
>>> would likely turn off the BIP21 model for onchain payments, instruct
>>> Bitcoin users to use Lightning or deposit onchain BTC to a custodial
>>> account that we have.
>>> This option is however not available for your typical
>>> BTCPayServer/CoinGate/Bitpay/IBEX/OpenNode et al. Would be great to hear
>>> from other merchants or payment providers how they see this new behavior
>>> and how they would counteract it.
>>>
>>> Currently Lightning is somewhere around 15% of our total bitcoin
>>> payments. This is very much not nothing, and all of us here want Lightning
>>> to grow, but I think it warrants a serious discussion on whether we want
>>> Lightning adoption to go to 100% by means of disabling on-chain commerce.
>>> For me personally it would be an easier discussion to have when Lightning
>>> is at 80%+ of all bitcoin transactions. Currently far too many bitcoin
>>> users simply don't have access to Lightning, and of those that do and hold
>>> their own keys Muun is the biggest wallet per our data, not least due to
>>> their ease-of-use which is under threat per the OP. It's hard to assess how
>>> many users would switch to Lightning in such a scenario, the communication
>>> around it would be hard. My intuition says that the majority of the current
>>> 85% of bitcoin users that pay onchain would just not use bitcoin anymore,
>>> probably shift to an alt. The benefits of Lightning are many and obvious,
>>> we don't need to limit onchain to make Lightning more appealing. As an
>>> anecdote, we did experiment with defaulting to bech32 addresses some years
>>> back. The result was that simply users of the wallets that weren't able to
>>> pay to bech32 didn't complete the purchase, no support ticket or anything,
>>> just "it didn't work 🤷‍♂️" and user moved on. We rolled it back, and later
>>> implemented a wallet selector to allow modern wallets to pay to bech32
>>> while other wallets can pay to P2SH. This type of thing is clunky, and
>>> requires a certain level of scale to be able to do, we certainly wouldn't
>>> have had the manpower for that when we were starting out. This is why I'm
>>> cautious about introducing more such clunkiness vectors as they are
>>> centralizing factors.
>>>
>>> I'm well aware of the reason for this policy being suggested and the
>>> potential pinning attack vector for LN and other smart contracts, but I
>>> think these two risks/costs need to be weighed against each other first and
>>> thoroughly discussed because the costs are non-trivial on both sides.
>>>
>>> Sidenote: On the efficacy of RBF to "unstuck" stuck transactions
>>> After interacting with users during high-fee periods I've come to not
>>> appreciate RBF as a solution to that issue. Most users (80% or so) simply
>>> don't have access to that functionality, because their wallet doesn't
>>> support it, or they use a custodial (exchange) wallet etc. Of those that
>>> have the feature - only the power users understand how RBF works, and
>>> explaining how to do RBF to a non-power-user is just too complex, for the
>>> same reason why it's complex for wallets to make sensible non-power-user UI
>>> around it. Current equilibrium is that mostly only power users have access
>>> to RBF and they know how to handle it, so things are somewhat working. But
>>> rolling this out to the broad market is something else and would likely
>>> cause more confusion.
>>> CPFP is somewhat more viable but also not perfect as it would require
>>> lots of edge case code to handle abuse vectors: What if users abuse a
>>> generous CPFP policy to unstuck past transactions or consolidate large
>>> wallets. Best is for CPFP to be done on the wallet side, not the merchant
>>> side, but there too are the same UX issues as with RBF.
>>> In the end a risk-based approach to decide on which payments are
>>> non-trivial to reverse is the easiest, taking into account user experience and
>>> such. Remember that in the fiat world card payments have up to 5%
>>> chargebacks, whereas we in zero-conf bitcoin land deal with "fewer than
>>> 1 in a million" accepted transactions successfully reversed. These days we
>>> have very few support issues related to bitcoin payments. The few that do
>>> come in are due to accidental RBF users venting frustration about waiting
>>> for their tx to confirm.
>>> "In theory, theory and practice are the same. In practice, they are not"
>>>
>>> All the best,
>>> Sergej Kotliar
>>> CEO Bitrefill.com
>>>
>>>
>>> --
>>>
>>> Sergej Kotliar
>>>
>>> CEO
>>>
>>>
>>> Twitter: @ziggamon <https://twitter.com/ziggamon>
>>>
>>>
>>> www.bitrefill.com
>>>
>>> Twitter <https://www.twitter.com/bitrefill> | Blog
>>> <https://www.bitrefill.com/blog/> | Angellist
>>> <https://angel.co/bitrefill>
>>>
>>>
>>
>

--00000000000084003805eb656b91
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Another=C2=A0downside is that the sender may not opt into =
a non-pinnable future format like &quot;V3 transactions&quot;, making CPFP =
difficult. They may spend a lot of fees to do this however, so maybe we&#39=
;re really reaching here.</div><br><div class=3D"gmail_quote"><div dir=3D"l=
tr" class=3D"gmail_attr">On Wed, Oct 19, 2022 at 12:07 PM Sergej Kotliar vi=
a bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">=
bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br></div><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px soli=
d rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr">It&#39;s an interesti=
ng idea, presumably it would work w the new package relay.<div>Scorched ear=
th bidding war is definitely fine to deter this type of abuse.</div><div>Ne=
ed to consider it more thoroughly from all sides tho. CPFP on the server si=
de generally has a couple of downsides:</div><div>* Requires a hot wallet t=
o receive bitcoin</div><div>* an entity that is reliably known to do CPFP c=
an be abused by people looking to consolidate utxos, which can be quite cos=
tly. Might be solvable with a set of conditionals, and bad UX for abusers i=
s less of a concern :)</div><div><br></div><div>Will follow up after more d=
eliberation,=C2=A0thanks!</div><div><br></div></div><br><div class=3D"gmail=
_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Wed, 19 Oct 2022 at 17:43,=
 Jeremy Rubin &lt;<a href=3D"mailto:jeremy.l.rubin@gmail.com" target=3D"_bl=
ank">jeremy.l.rubin@gmail.com</a>&gt; wrote:<br></div><blockquote class=3D"=
gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(20=
4,204,204);padding-left:1ex"><div dir=3D"auto">If they do this to you, and =
the delta is substantial, can&#39;t you sweep all such abusers with a cpfp =
transaction replacing their package and giving you the original txn?</div><=
br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Wed,=
 Oct 19, 2022, 7:33 AM Sergej Kotliar via bitcoin-dev &lt;<a href=3D"mailto=
:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@lists=
.linuxfoundation.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204=
);padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D=
"ltr">Hi all,<div><br></div><div>Chiming in on this thread as I feel like t=
he real dangers of RBF as default policy aren&#39;t sufficiently elaborated=
 here. It&#39;s not only about the zero-conf (I&#39;ll get to that) but the=
re is an even bigger danger called the american call option, which risks en=
dangering the entirety of BIP21 &quot;Scan this QR code with your wallet to=
 buy this product&quot; model that I believe we&#39;ve all come to apprecia=
te. Specifically, in a scenario with high volatility and many transactions =
in the mempools (which is where RBF would come in handy), a user can make a=
 low-fee transaction and then wait for hours, days or even longer, and see =
whether BTCUSD moves. If BTCUSD moves up, user can cancel his transaction a=
nd make a new - cheaper one. The biggest risk in accepting bitcoin payments=
 is in fact not zeroconf risk (it&#39;s actually quite easily managed), it&=
#39;s FX risk as the merchant must commit to a certain BTCUSD rate ahead of=
 time for a purchase. Over time some transactions lose money to FX and othe=
rs earn money - that evens out in the end. But if there is an _easily acces=
sible in the wallet_ feature to &quot;cancel transaction&quot; that means i=
t will eventually get systematically abused. A risk of X% loss on many paym=
ents that&#39;s easy to systematically abuse is more scary than a rare risk=
 of losing 100% of one occasional payment. It&#39;s already possible to exe=
cute this form of abuse with opt-in RBF, which may lead to us at some point=
 refusing those payments (even with confirmation) or cumbersome UX to work =
around it, such as crediting the bitcoin to a custodial account.</div><div>=
<br></div><div>To compare zeroconf risk with FX risk: I think we&#39;ve had=
 one incident in 8 years of operation where a user successfully fooled our =
server to accept a payment that in the end didn&#39;t confirm. To successfu=
lly fool (non-RBF) zeroconf one needs to have access to mining infrastructu=
re and probability of success is the % of hash rate controlled. This is sim=
ply due to the fact that the network currently won&#39;t propagage the repl=
acement transaction to the miner, which is what&#39;s being discussed here.=
 American call option risk would however be available to 100% of all users,=
 needs nothing beyond the wallet app, and has no cost to the user - only up=
side.<br></div><div><br></div><div>Bitrefill currently processes 1500-2000 =
onchain payments every day. For us, a world where bitcoin becomes de facto =
RBF by default, means that we would likely turn off the BIP21 model for onc=
hain payments, instruct Bitcoin users to use Lightning or deposit onchain B=
TC to a custodial account that we have.=C2=A0<br></div><div>This option is =
however not available for your typical BTCPayServer/CoinGate/Bitpay/IBEX/Op=
enNode et al. Would be great to hear from other merchants or payment provid=
ers how they see this new behavior and how they would counteract it.</div><=
div><br></div><div>Currently Lightning is somewhere around 15% of our total=
 bitcoin payments. This is very much not nothing, and all of us here want L=
ightning to grow, but I think it warrants a serious discussion on whether w=
e want Lightning adoption to go to 100% by means of disabling on-chain comm=
erce. For me personally it would be an easier discussion to have when Light=
ning is at 80%+ of all bitcoin transactions. Currently far too many bitcoin=
 users simply don&#39;t have access to Lightning, and of those that do and =
hold their own keys Muun is the biggest wallet per our data, not least due =
to their ease-of-use which is under threat per the OP. It&#39;s hard to ass=
ess how many users would switch to Lightning in such a scenario, the commun=
ication around it would be hard. My intuition says that the majority of the=
 current 85% of bitcoin users that pay onchain would just not use bitcoin a=
nymore, probably shift to an alt. The benefits of Lightning are many and ob=
vious, we don&#39;t need to limit onchain to make Lightning more appealing.=
 As an anecdote, we did experiment with defaulting to bech32 addresses some=
 years back. The result was that simply users of the wallets that weren&#39=
;t able to pay to bech32 didn&#39;t complete the purchase, no support ticke=
t or anything, just &quot;it didn&#39;t work =F0=9F=A4=B7=E2=80=8D=E2=99=82=
=EF=B8=8F&quot; and user moved on. We rolled it back, and later implemented=
 a wallet selector to allow modern wallets to pay to bech32 while other wal=
lets can pay to P2SH. This type of thing=C2=A0 is clunky, and requires a ce=
rtain level of scale to be able to do, we certainly wouldn&#39;t have had t=
he manpower for that when we were starting out. This why I&#39;m cautious a=
bout introducing more such clunkiness vectors as they are centralizing fact=
ors.</div><div><br></div><div>I&#39;m well aware of the reason for this pol=
icy being suggested and the potential pinning attack vector for LN and othe=
r smart contracts, but I think these two risks/costs need to be weighed aga=
inst eachother first and thoroughly discussed because the costs are non-tri=
vial on both sides.<br clear=3D"all"><div><br></div><div>Sidenote: On the e=
fficacy of RBF to &quot;unstuck&quot; stuck transactions</div><div>After in=
teracting with users during high-fee periods I&#39;ve come to not appreciat=
e RBF as a solution to that issue. Most users (80% or so) simply don&#39;t =
have access to that functionality, because their wallet doesn&#39;t support=
 it, or they use a custodial (exchange) wallet etc. Of those that have the =
feature - only the power users understand how RBF works, and explaining how=
 to do RBF to a non-power-user is just too complex, for the same reason why=
 it&#39;s complex for wallets to make sensible non-power-user UI around it.=
 Current equilibrium is that mostly only power users have access to RBF and=
 they know how to handle it, so things are somewhat working. But rolling th=
is out to the broad market is something else and would likely cause more co=
nfusion.=C2=A0</div><div>CPFP is somewhat more viable but also not perfect =
as it would require lots of edge case code to handle abuse vectors: What if=
 users abuse a generous CPFP policy to unstuck past transactions or consoli=
date large wallets. Best is for CPFP to be done on the wallet side, not the=
 merchant side, but there too are the same UX issues as with RBF.=C2=A0</di=
v><div>In the end a risk-based approach to decide on which payments are non=
-trivial to reverse is the easiest, taking account user experience and such=
. Remember that in the fiat world card payments have up to 5% chargebacks, =
whereas we in zero-conf bitcoin land we deal with &quot;fewer than 1 in a m=
illion&quot; accepted transactions successfully reversed. These days we hav=
e very few support issues related to bitcoin payments. The few that do come=
 in are due to accidental RBF users venting frustration about waiting for t=
heir tx to confirm.</div><div>&quot;In theory, theory and practice are the =
same. In practice, they are not&quot;</div><div><br></div><div>All the best=
,=C2=A0</div><div>Sergej Kotliar</div><div>CEO Bitrefill.com</div><div><br>=
</div><div><br></div>-- <br><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"l=
tr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><di=
v dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><p dir=3D"=
ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span styl=
e=3D"font-size:9.5pt;font-family:Arial;color:rgb(0,0,0);background-color:tr=
ansparent;font-weight:700;font-style:normal;font-variant:normal;text-decora=
tion:none;vertical-align:baseline;white-space:pre-wrap">Sergej Kotliar</spa=
n></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom=
:0pt"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(0,0,0);bac=
kground-color:transparent;font-weight:700;font-style:normal;font-variant:no=
rmal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">CEO=
</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-b=
ottom:0pt"><b style=3D"font-weight:normal"><br></b></p><p dir=3D"ltr" style=
=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-=
size:11pt;font-family:Arial;color:rgb(102,102,102);background-color:transpa=
rent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:=
none;vertical-align:baseline;white-space:pre-wrap"><span style=3D"border:no=
ne;display:inline-block;overflow:hidden;width:220px;height:80px"><img src=
=3D"https://lh4.googleusercontent.com/wU5i7e8boCd7o3P52cUTKrqeTa7jV2dPEXlui=
jGtPBy0f1F0R2_zIg_zOQ2kigkbVbSWqLlVdwuBYgo_txXMKkCWdMfBFRNhsDhFpNv1QrRZsD-g=
PxDui-4l0tZI1QcjtefCDkNG" width=3D"220" height=3D"80" style=3D"margin-left:=
 0px; margin-top: 0px;"></span></span></p><p dir=3D"ltr" style=3D"line-heig=
ht:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:9.5pt;fo=
nt-family:Arial;color:rgb(102,102,102);background-color:transparent;font-we=
ight:400;font-style:normal;font-variant:normal;text-decoration:none;vertica=
l-align:baseline;white-space:pre-wrap">Twitter: @</span><a href=3D"https://=
twitter.com/ziggamon" style=3D"text-decoration:none" rel=3D"noreferrer" tar=
get=3D"_blank"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(1=
02,102,102);background-color:transparent;font-weight:400;font-style:normal;=
font-variant:normal;text-decoration:underline;vertical-align:baseline;white=
-space:pre-wrap">ziggamon</span></a><span style=3D"font-size:9.5pt;font-fam=
ily:Arial;color:rgb(102,102,102);background-color:transparent;font-weight:4=
00;font-style:normal;font-variant:normal;text-decoration:none;vertical-alig=
n:baseline;white-space:pre-wrap">=C2=A0</span></p><p dir=3D"ltr" style=3D"l=
ine-height:1.38;margin-top:0pt;margin-bottom:0pt"><b style=3D"font-weight:n=
ormal"><br></b></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;=
margin-bottom:0pt"><a href=3D"http://www.bitrefill.com/" style=3D"text-deco=
ration:none" rel=3D"noreferrer" target=3D"_blank"><span style=3D"font-size:=
9.5pt;font-family:Arial;color:rgb(102,102,102);background-color:transparent=
;font-weight:400;font-style:normal;font-variant:normal;text-decoration:unde=
rline;vertical-align:baseline;white-space:pre-wrap">www.bitrefill.com</span=
></a></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bot=
tom:0pt"><a href=3D"https://www.twitter.com/bitrefill" rel=3D"noreferrer" t=
arget=3D"_blank"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb=
(102,102,102);background-color:transparent;vertical-align:baseline;white-sp=
ace:pre-wrap">Twitter</span></a><span style=3D"font-size:9.5pt;font-family:=
Arial;color:rgb(102,102,102);background-color:transparent;vertical-align:ba=
seline;white-space:pre-wrap"> | </span><a href=3D"https://www.bitrefill.com=
/blog/" rel=3D"noreferrer" target=3D"_blank"><span style=3D"font-size:9.5pt=
;font-family:Arial;color:rgb(102,102,102);background-color:transparent;vert=
ical-align:baseline;white-space:pre-wrap">Blog</span></a><span style=3D"fon=
t-size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-color:tran=
sparent;vertical-align:baseline;white-space:pre-wrap"> | </span><a href=3D"=
https://angel.co/bitrefill" rel=3D"noreferrer" target=3D"_blank"><span styl=
e=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-co=
lor:transparent;vertical-align:baseline;white-space:pre-wrap">Angellist </s=
pan></a><br></p></div></div></div></div></div></div></div></div></div></div=
></div></div></div>
</div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"><div dir=3D"=
ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><d=
iv dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=
=3D"ltr"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bot=
tom:0pt"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(0,0,0);=
background-color:transparent;font-weight:700;font-style:normal;font-variant=
:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">=
Sergej Kotliar</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-to=
p:0pt;margin-bottom:0pt"><span style=3D"font-size:9.5pt;font-family:Arial;c=
olor:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:nor=
mal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-=
space:pre-wrap">CEO</span></p><p dir=3D"ltr" style=3D"line-height:1.38;marg=
in-top:0pt;margin-bottom:0pt"><b style=3D"font-weight:normal"><br></b></p><=
p dir=3D"ltr"></p>
<p dir=3D"ltr">Twitter: @<a
href=3D"https://twitter.com/ziggamon">ziggamon</a></p>
<p dir=3D"ltr"><a
href=3D"http://www.bitrefill.com/">www.bitrefill.com</a></p>
<p dir=3D"ltr"><a href=3D"https://www.twitter.com/bitrefill">Twitter</a> |
<a href=3D"https://www.bitrefill.com/blog/">Blog</a> |
<a href=3D"https://angel.co/bitrefill">Angellist</a><br></p>
</div></div></div></div></div></div></div></div></div></div></div></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" rel=3D"noreferrer"=
 target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer noreferrer" target=3D"_blank">https://lists.linuxfoundati=
on.org/mailman/listinfo/bitcoin-dev</a><br>
</blockquote></div>
</blockquote></div><br clear=3D"all"><div><br></div>-- <br>
<div dir=3D"ltr">
<p dir=3D"ltr">Sergej Kotliar</p>
<p dir=3D"ltr">CEO</p>
<p dir=3D"ltr">Twitter: @<a
href=3D"https://twitter.com/ziggamon">ziggamon</a></p>
<p dir=3D"ltr"><a
href=3D"http://www.bitrefill.com/">www.bitrefill.com</a></p>
<p dir=3D"ltr"><a href=3D"https://www.twitter.com/bitrefill">Twitter</a> |
<a href=3D"https://www.bitrefill.com/blog/">Blog</a> |
<a href=3D"https://angel.co/bitrefill">Angellist</a><br></p>
</div>
</blockquote></div>

--00000000000084003805eb656b91--