Return-Path: <gsanders87@gmail.com> Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id EFFCDC002D for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 19 Oct 2022 16:08:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id BD87F81383 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 19 Oct 2022 16:08:35 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org BD87F81383 Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=WxcsY0KY X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.838 X-Spam-Level: X-Spam-Status: No, score=-1.838 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WNJxroP1Oweb for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 19 Oct 2022 16:08:34 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 9AED281320 Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) by smtp1.osuosl.org (Postfix) with ESMTPS id 9AED281320 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 19 Oct 2022 16:08:33 +0000 (UTC) Received: by mail-ej1-x632.google.com with SMTP id a26so40736952ejc.4 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 19 Oct 2022 09:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=X1fA54JziOb/IpUj78xPMzXQeeuZcRUqQcZTbdzyivo=; b=WxcsY0KYj7gDfqj2YSm15VI3dT9y1TQ8SX9dyecQ++EUrD1NCnER488lwzKvcWAteE LLss/vEbpLKPikEkq6G8sXHQ2998p80RNB8/fkZzmvUveFeGfDS1Z96rdmwd+Oeabe0k 6D0S5kmvqbPxpB7/wj0fmUaxaTrFKsY/8fBqtn3WpZIeanfKUlN4csu4tgiYxjp+WgLu KTerMnmF7zucELaU2PRtzAIOWN6XK2VKQeKaHeM+fEyKOF09qbLK3ts029vaT/iq+yJR sAdD7r6ozVjDSdh1vW9HiJoRE2vv/Zw2ykncyAy2SVnTDaK4npefcPb5OwU5VPG9OkeD RUtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=X1fA54JziOb/IpUj78xPMzXQeeuZcRUqQcZTbdzyivo=; b=BppJi+1M7jwQtlwp4AHjXeOqJXyRPU6Jq4kqcWS9Efx5dn4XNzCfUgADS8NIGIDHrN MNeES+YdJ61sOAF/W1ZRUlTjnZN1a/Ip4INf9rPcT1zObJqBOFj/W1k+lrP+aUZb6T6M pCnCBorBWIGBVZRVs9pTipH9h8lqfZbic1r+KUlOa8xScZa+UBZRki6fi8NV1rP/MscT Pb5S+UcP69yNyhjO1Nqi8RYVjPfX+pR/5tqMZiLR2LCeXT4ANcqPdxEbNjJUlNiDLZcU s5yXEWvRXQu6SIHr0ZPTo+3bDCSC/7jJbQCqBV1mmWnLVVBRWEdALrtR3VS8qBDbvnBf 3EFA== X-Gm-Message-State: ACrzQf3ftHRxHnq8RkN3zJMQlvDVn9gREvEbbGdvVohexr4LPgtdEZJT IIGSg7hky6BvId3jREPBXs1avcx0MLXuFOaPPIYASttf X-Google-Smtp-Source: AMsMyM7RXJKoXnfS5F46NbDcgiXOCNU60kxRTW3bIJytrIR2ZOLMDBwTo+DNRlj1+hwQfUieSlICI0MMzTjDwPjPfWs= X-Received: by 2002:a17:906:d54d:b0:78e:f130:7099 with SMTP id cr13-20020a170906d54d00b0078ef1307099mr7604848ejc.142.1666195711588; Wed, 19 Oct 2022 09:08:31 -0700 (PDT) MIME-Version: 1.0 References: <CABZBVTC5kh7ca3KhVkFPdQjnsPhP4Kun1k3K6cPkarrjUiTJpA@mail.gmail.com> <CABZBVTCgiQFtxEyeOU=-SGDQUDthyy7sOgPwiT+OVi35LVivyA@mail.gmail.com> <CAD5xwhjFWgNTT5URX31jrULMb-iTxWih7673tpueD10AGbV=Gg@mail.gmail.com> <CABZBVTABUk_-t+LUud_6i=KMR8QpY_LXCKM57FOzNRhUEwmh=g@mail.gmail.com> In-Reply-To: <CABZBVTABUk_-t+LUud_6i=KMR8QpY_LXCKM57FOzNRhUEwmh=g@mail.gmail.com> From: Greg Sanders <gsanders87@gmail.com> Date: Wed, 19 Oct 2022 12:08:19 -0400 Message-ID: <CAB3F3DvH+SKC3x3-qzeQ0mGUMwm8=TH9WObQWVnsp=65autJNA@mail.gmail.com> To: Sergej Kotliar <sergej@bitrefill.com>, Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> Content-Type: multipart/alternative; boundary="00000000000084003805eb656b91" Subject: Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate danger X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Wed, 19 Oct 2022 16:08:36 -0000 --00000000000084003805eb656b91 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Another downside is that the sender may not opt into a non-pinnable future format like "V3 transactions", making CPFP difficult. They may spend a lot of fees to do this however, so maybe we're really reaching here. On Wed, Oct 19, 2022 at 12:07 PM Sergej Kotliar via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > It's an interesting idea, presumably it would work w the new package rela= y. > Scorched earth bidding war is definitely fine to deter this type of abuse= . > Need to consider it more thoroughly from all sides tho. CPFP on the serve= r > side generally has a couple of downsides: > * Requires a hot wallet to receive bitcoin > * an entity that is reliably known to do CPFP can be abused by people > looking to consolidate utxos, which can be quite costly. Might be solvabl= e > with a set of conditionals, and bad UX for abusers is less of a concern := ) > > Will follow up after more deliberation, thanks! > > > On Wed, 19 Oct 2022 at 17:43, Jeremy Rubin <jeremy.l.rubin@gmail.com> > wrote: > >> If they do this to you, and the delta is substantial, can't you sweep al= l >> such abusers with a cpfp transaction replacing their package and giving = you >> the original txn? >> >> On Wed, Oct 19, 2022, 7:33 AM Sergej Kotliar via bitcoin-dev < >> bitcoin-dev@lists.linuxfoundation.org> wrote: >> >>> Hi all, >>> >>> Chiming in on this thread as I feel like the real dangers of RBF as >>> default policy aren't sufficiently elaborated here. It's not only about= the >>> zero-conf (I'll get to that) but there is an even bigger danger called = the >>> american call option, which risks endangering the entirety of BIP21 "Sc= an >>> this QR code with your wallet to buy this product" model that I believe >>> we've all come to appreciate. Specifically, in a scenario with high >>> volatility and many transactions in the mempools (which is where RBF wo= uld >>> come in handy), a user can make a low-fee transaction and then wait for >>> hours, days or even longer, and see whether BTCUSD moves. If BTCUSD mov= es >>> up, user can cancel his transaction and make a new - cheaper one. The >>> biggest risk in accepting bitcoin payments is in fact not zeroconf risk >>> (it's actually quite easily managed), it's FX risk as the merchant must >>> commit to a certain BTCUSD rate ahead of time for a purchase. Over time >>> some transactions lose money to FX and others earn money - that evens o= ut >>> in the end. But if there is an _easily accessible in the wallet_ featur= e to >>> "cancel transaction" that means it will eventually get systematically >>> abused. A risk of X% loss on many payments that's easy to systematicall= y >>> abuse is more scary than a rare risk of losing 100% of one occasional >>> payment. It's already possible to execute this form of abuse with opt-i= n >>> RBF, which may lead to us at some point refusing those payments (even w= ith >>> confirmation) or cumbersome UX to work around it, such as crediting the >>> bitcoin to a custodial account. >>> >>> To compare zeroconf risk with FX risk: I think we've had one incident i= n >>> 8 years of operation where a user successfully fooled our server to acc= ept >>> a payment that in the end didn't confirm. To successfully fool (non-RBF= ) >>> zeroconf one needs to have access to mining infrastructure and probabil= ity >>> of success is the % of hash rate controlled. This is simply due to the = fact >>> that the network currently won't propagage the replacement transaction = to >>> the miner, which is what's being discussed here. American call option r= isk >>> would however be available to 100% of all users, needs nothing beyond t= he >>> wallet app, and has no cost to the user - only upside. >>> >>> Bitrefill currently processes 1500-2000 onchain payments every day. For >>> us, a world where bitcoin becomes de facto RBF by default, means that w= e >>> would likely turn off the BIP21 model for onchain payments, instruct >>> Bitcoin users to use Lightning or deposit onchain BTC to a custodial >>> account that we have. >>> This option is however not available for your typical >>> BTCPayServer/CoinGate/Bitpay/IBEX/OpenNode et al. Would be great to hea= r >>> from other merchants or payment providers how they see this new behavio= r >>> and how they would counteract it. >>> >>> Currently Lightning is somewhere around 15% of our total bitcoin >>> payments. This is very much not nothing, and all of us here want Lightn= ing >>> to grow, but I think it warrants a serious discussion on whether we wan= t >>> Lightning adoption to go to 100% by means of disabling on-chain commerc= e. >>> For me personally it would be an easier discussion to have when Lightni= ng >>> is at 80%+ of all bitcoin transactions. Currently far too many bitcoin >>> users simply don't have access to Lightning, and of those that do and h= old >>> their own keys Muun is the biggest wallet per our data, not least due t= o >>> their ease-of-use which is under threat per the OP. It's hard to assess= how >>> many users would switch to Lightning in such a scenario, the communicat= ion >>> around it would be hard. My intuition says that the majority of the cur= rent >>> 85% of bitcoin users that pay onchain would just not use bitcoin anymor= e, >>> probably shift to an alt. The benefits of Lightning are many and obviou= s, >>> we don't need to limit onchain to make Lightning more appealing. As an >>> anecdote, we did experiment with defaulting to bech32 addresses some ye= ars >>> back. The result was that simply users of the wallets that weren't able= to >>> pay to bech32 didn't complete the purchase, no support ticket or anythi= ng, >>> just "it didn't work =F0=9F=A4=B7=E2=80=8D=E2=99=82=EF=B8=8F" and user = moved on. We rolled it back, and later >>> implemented a wallet selector to allow modern wallets to pay to bech32 >>> while other wallets can pay to P2SH. This type of thing is clunky, and >>> requires a certain level of scale to be able to do, we certainly wouldn= 't >>> have had the manpower for that when we were starting out. This why I'm >>> cautious about introducing more such clunkiness vectors as they are >>> centralizing factors. >>> >>> I'm well aware of the reason for this policy being suggested and the >>> potential pinning attack vector for LN and other smart contracts, but I >>> think these two risks/costs need to be weighed against eachother first = and >>> thoroughly discussed because the costs are non-trivial on both sides. >>> >>> Sidenote: On the efficacy of RBF to "unstuck" stuck transactions >>> After interacting with users during high-fee periods I've come to not >>> appreciate RBF as a solution to that issue. Most users (80% or so) simp= ly >>> don't have access to that functionality, because their wallet doesn't >>> support it, or they use a custodial (exchange) wallet etc. Of those tha= t >>> have the feature - only the power users understand how RBF works, and >>> explaining how to do RBF to a non-power-user is just too complex, for t= he >>> same reason why it's complex for wallets to make sensible non-power-use= r UI >>> around it. Current equilibrium is that mostly only power users have acc= ess >>> to RBF and they know how to handle it, so things are somewhat working. = But >>> rolling this out to the broad market is something else and would likely >>> cause more confusion. >>> CPFP is somewhat more viable but also not perfect as it would require >>> lots of edge case code to handle abuse vectors: What if users abuse a >>> generous CPFP policy to unstuck past transactions or consolidate large >>> wallets. Best is for CPFP to be done on the wallet side, not the mercha= nt >>> side, but there too are the same UX issues as with RBF. >>> In the end a risk-based approach to decide on which payments are >>> non-trivial to reverse is the easiest, taking account user experience a= nd >>> such. Remember that in the fiat world card payments have up to 5% >>> chargebacks, whereas we in zero-conf bitcoin land we deal with "fewer t= han >>> 1 in a million" accepted transactions successfully reversed. These days= we >>> have very few support issues related to bitcoin payments. The few that = do >>> come in are due to accidental RBF users venting frustration about waiti= ng >>> for their tx to confirm. >>> "In theory, theory and practice are the same. In practice, they are not= " >>> >>> All the best, >>> Sergej Kotliar >>> CEO Bitrefill.com >>> >>> >>> -- >>> >>> Sergej Kotliar >>> >>> CEO >>> >>> >>> Twitter: @ziggamon <https://twitter.com/ziggamon> >>> >>> >>> www.bitrefill.com >>> >>> Twitter <https://www.twitter.com/bitrefill> | Blog >>> <https://www.bitrefill.com/blog/> | Angellist >>> <https://angel.co/bitrefill> >>> >>> >>> -- >>> >>> Sergej Kotliar >>> >>> CEO >>> >>> >>> Twitter: @ziggamon <https://twitter.com/ziggamon> >>> >>> >>> www.bitrefill.com >>> >>> Twitter <https://www.twitter.com/bitrefill> | Blog >>> <https://www.bitrefill.com/blog/> | Angellist >>> <https://angel.co/bitrefill> >>> _______________________________________________ >>> bitcoin-dev mailing list >>> bitcoin-dev@lists.linuxfoundation.org >>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>> >> > > -- > > Sergej Kotliar > > CEO > > > Twitter: @ziggamon <https://twitter.com/ziggamon> > > > www.bitrefill.com > > Twitter <https://www.twitter.com/bitrefill> | Blog > <https://www.bitrefill.com/blog/> | Angellist <https://angel.co/bitrefill= > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --00000000000084003805eb656b91 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Another=C2=A0downside is that the sender may not opt into = a non-pinnable future format like "V3 transactions", making CPFP = difficult. They may spend a lot of fees to do this however, so maybe we'= ;re really reaching here.</div><br><div class=3D"gmail_quote"><div dir=3D"l= tr" class=3D"gmail_attr">On Wed, Oct 19, 2022 at 12:07 PM Sergej Kotliar vi= a bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">= bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></div><blockquote c= lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px soli= d rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr">It's an interesti= ng idea, presumably it would work w the new package relay.<div>Scorched ear= th bidding war is definitely fine to deter this type of abuse.</div><div>Ne= ed to consider it more thoroughly from all sides tho. CPFP on the server si= de generally has a couple of downsides:</div><div>* Requires a hot wallet t= o receive bitcoin</div><div>* an entity that is reliably known to do CPFP c= an be abused by people looking to consolidate utxos, which can be quite cos= tly. Might be solvable with a set of conditionals, and bad UX for abusers i= s less of a concern :)</div><div><br></div><div>Will follow up after more d= eliberation,=C2=A0thanks!</div><div><br></div></div><br><div class=3D"gmail= _quote"><div dir=3D"ltr" class=3D"gmail_attr">On Wed, 19 Oct 2022 at 17:43,= Jeremy Rubin <<a href=3D"mailto:jeremy.l.rubin@gmail.com" target=3D"_bl= ank">jeremy.l.rubin@gmail.com</a>> wrote:<br></div><blockquote class=3D"= gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(20= 4,204,204);padding-left:1ex"><div dir=3D"auto">If they do this to you, and = the delta is substantial, can't you sweep all such abusers with a cpfp = transaction replacing their package and giving you the original txn?</div><= br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Wed,= Oct 19, 2022, 7:33 AM Sergej Kotliar via bitcoin-dev <<a href=3D"mailto= :bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@lists= .linuxfoundation.org</a>> wrote:<br></div><blockquote class=3D"gmail_quo= te" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204= );padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_quote"><div dir=3D= "ltr">Hi all,<div><br></div><div>Chiming in on this thread as I feel like t= he real dangers of RBF as default policy aren't sufficiently elaborated= here. It's not only about the zero-conf (I'll get to that) but the= re is an even bigger danger called the american call option, which risks en= dangering the entirety of BIP21 "Scan this QR code with your wallet to= buy this product" model that I believe we've all come to apprecia= te. Specifically, in a scenario with high volatility and many transactions = in the mempools (which is where RBF would come in handy), a user can make a= low-fee transaction and then wait for hours, days or even longer, and see = whether BTCUSD moves. If BTCUSD moves up, user can cancel his transaction a= nd make a new - cheaper one. The biggest risk in accepting bitcoin payments= is in fact not zeroconf risk (it's actually quite easily managed), it&= #39;s FX risk as the merchant must commit to a certain BTCUSD rate ahead of= time for a purchase. Over time some transactions lose money to FX and othe= rs earn money - that evens out in the end. But if there is an _easily acces= sible in the wallet_ feature to "cancel transaction" that means i= t will eventually get systematically abused. A risk of X% loss on many paym= ents that's easy to systematically abuse is more scary than a rare risk= of losing 100% of one occasional payment. It's already possible to exe= cute this form of abuse with opt-in RBF, which may lead to us at some point= refusing those payments (even with confirmation) or cumbersome UX to work = around it, such as crediting the bitcoin to a custodial account.</div><div>= <br></div><div>To compare zeroconf risk with FX risk: I think we've had= one incident in 8 years of operation where a user successfully fooled our = server to accept a payment that in the end didn't confirm. To successfu= lly fool (non-RBF) zeroconf one needs to have access to mining infrastructu= re and probability of success is the % of hash rate controlled. This is sim= ply due to the fact that the network currently won't propagage the repl= acement transaction to the miner, which is what's being discussed here.= American call option risk would however be available to 100% of all users,= needs nothing beyond the wallet app, and has no cost to the user - only up= side.<br></div><div><br></div><div>Bitrefill currently processes 1500-2000 = onchain payments every day. For us, a world where bitcoin becomes de facto = RBF by default, means that we would likely turn off the BIP21 model for onc= hain payments, instruct Bitcoin users to use Lightning or deposit onchain B= TC to a custodial account that we have.=C2=A0<br></div><div>This option is = however not available for your typical BTCPayServer/CoinGate/Bitpay/IBEX/Op= enNode et al. Would be great to hear from other merchants or payment provid= ers how they see this new behavior and how they would counteract it.</div><= div><br></div><div>Currently Lightning is somewhere around 15% of our total= bitcoin payments. This is very much not nothing, and all of us here want L= ightning to grow, but I think it warrants a serious discussion on whether w= e want Lightning adoption to go to 100% by means of disabling on-chain comm= erce. For me personally it would be an easier discussion to have when Light= ning is at 80%+ of all bitcoin transactions. Currently far too many bitcoin= users simply don't have access to Lightning, and of those that do and = hold their own keys Muun is the biggest wallet per our data, not least due = to their ease-of-use which is under threat per the OP. It's hard to ass= ess how many users would switch to Lightning in such a scenario, the commun= ication around it would be hard. My intuition says that the majority of the= current 85% of bitcoin users that pay onchain would just not use bitcoin a= nymore, probably shift to an alt. The benefits of Lightning are many and ob= vious, we don't need to limit onchain to make Lightning more appealing.= As an anecdote, we did experiment with defaulting to bech32 addresses some= years back. The result was that simply users of the wallets that weren'= ;t able to pay to bech32 didn't complete the purchase, no support ticke= t or anything, just "it didn't work =F0=9F=A4=B7=E2=80=8D=E2=99=82= =EF=B8=8F" and user moved on. We rolled it back, and later implemented= a wallet selector to allow modern wallets to pay to bech32 while other wal= lets can pay to P2SH. This type of thing=C2=A0 is clunky, and requires a ce= rtain level of scale to be able to do, we certainly wouldn't have had t= he manpower for that when we were starting out. This why I'm cautious a= bout introducing more such clunkiness vectors as they are centralizing fact= ors.</div><div><br></div><div>I'm well aware of the reason for this pol= icy being suggested and the potential pinning attack vector for LN and othe= r smart contracts, but I think these two risks/costs need to be weighed aga= inst eachother first and thoroughly discussed because the costs are non-tri= vial on both sides.<br clear=3D"all"><div><br></div><div>Sidenote: On the e= fficacy of RBF to "unstuck" stuck transactions</div><div>After in= teracting with users during high-fee periods I've come to not appreciat= e RBF as a solution to that issue. Most users (80% or so) simply don't = have access to that functionality, because their wallet doesn't support= it, or they use a custodial (exchange) wallet etc. Of those that have the = feature - only the power users understand how RBF works, and explaining how= to do RBF to a non-power-user is just too complex, for the same reason why= it's complex for wallets to make sensible non-power-user UI around it.= Current equilibrium is that mostly only power users have access to RBF and= they know how to handle it, so things are somewhat working. But rolling th= is out to the broad market is something else and would likely cause more co= nfusion.=C2=A0</div><div>CPFP is somewhat more viable but also not perfect = as it would require lots of edge case code to handle abuse vectors: What if= users abuse a generous CPFP policy to unstuck past transactions or consoli= date large wallets. Best is for CPFP to be done on the wallet side, not the= merchant side, but there too are the same UX issues as with RBF.=C2=A0</di= v><div>In the end a risk-based approach to decide on which payments are non= -trivial to reverse is the easiest, taking account user experience and such= . Remember that in the fiat world card payments have up to 5% chargebacks, = whereas we in zero-conf bitcoin land we deal with "fewer than 1 in a m= illion" accepted transactions successfully reversed. These days we hav= e very few support issues related to bitcoin payments. The few that do come= in are due to accidental RBF users venting frustration about waiting for t= heir tx to confirm.</div><div>"In theory, theory and practice are the = same. In practice, they are not"</div><div><br></div><div>All the best= ,=C2=A0</div><div>Sergej Kotliar</div><div>CEO Bitrefill.com</div><div><br>= </div><div><br></div>-- <br><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"l= tr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><di= v dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><p dir=3D"= ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span styl= e=3D"font-size:9.5pt;font-family:Arial;color:rgb(0,0,0);background-color:tr= ansparent;font-weight:700;font-style:normal;font-variant:normal;text-decora= tion:none;vertical-align:baseline;white-space:pre-wrap">Sergej Kotliar</spa= n></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom= :0pt"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(0,0,0);bac= kground-color:transparent;font-weight:700;font-style:normal;font-variant:no= rmal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">CEO= </span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-b= ottom:0pt"><b style=3D"font-weight:normal"><br></b></p><p dir=3D"ltr" style= =3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-= size:11pt;font-family:Arial;color:rgb(102,102,102);background-color:transpa= rent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:= none;vertical-align:baseline;white-space:pre-wrap"><span style=3D"border:no= ne;display:inline-block;overflow:hidden;width:220px;height:80px"><img src= =3D"https://lh4.googleusercontent.com/wU5i7e8boCd7o3P52cUTKrqeTa7jV2dPEXlui= jGtPBy0f1F0R2_zIg_zOQ2kigkbVbSWqLlVdwuBYgo_txXMKkCWdMfBFRNhsDhFpNv1QrRZsD-g= PxDui-4l0tZI1QcjtefCDkNG" width=3D"220" height=3D"80" style=3D"margin-left:= 0px; margin-top: 0px;"></span></span></p><p dir=3D"ltr" style=3D"line-heig= ht:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:9.5pt;fo= nt-family:Arial;color:rgb(102,102,102);background-color:transparent;font-we= ight:400;font-style:normal;font-variant:normal;text-decoration:none;vertica= l-align:baseline;white-space:pre-wrap">Twitter: @</span><a href=3D"https://= twitter.com/ziggamon" style=3D"text-decoration:none" rel=3D"noreferrer" tar= get=3D"_blank"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(1= 02,102,102);background-color:transparent;font-weight:400;font-style:normal;= font-variant:normal;text-decoration:underline;vertical-align:baseline;white= -space:pre-wrap">ziggamon</span></a><span style=3D"font-size:9.5pt;font-fam= ily:Arial;color:rgb(102,102,102);background-color:transparent;font-weight:4= 00;font-style:normal;font-variant:normal;text-decoration:none;vertical-alig= n:baseline;white-space:pre-wrap">=C2=A0</span></p><p dir=3D"ltr" style=3D"l= ine-height:1.38;margin-top:0pt;margin-bottom:0pt"><b style=3D"font-weight:n= ormal"><br></b></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;= margin-bottom:0pt"><a href=3D"http://www.bitrefill.com/" style=3D"text-deco= ration:none" rel=3D"noreferrer" target=3D"_blank"><span style=3D"font-size:= 9.5pt;font-family:Arial;color:rgb(102,102,102);background-color:transparent= ;font-weight:400;font-style:normal;font-variant:normal;text-decoration:unde= rline;vertical-align:baseline;white-space:pre-wrap">www.bitrefill.com</span= ></a></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bot= tom:0pt"><a href=3D"https://www.twitter.com/bitrefill" rel=3D"noreferrer" t= arget=3D"_blank"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb= (102,102,102);background-color:transparent;vertical-align:baseline;white-sp= ace:pre-wrap">Twitter</span></a><span style=3D"font-size:9.5pt;font-family:= Arial;color:rgb(102,102,102);background-color:transparent;vertical-align:ba= seline;white-space:pre-wrap"> | </span><a href=3D"https://www.bitrefill.com= /blog/" rel=3D"noreferrer" target=3D"_blank"><span style=3D"font-size:9.5pt= ;font-family:Arial;color:rgb(102,102,102);background-color:transparent;vert= ical-align:baseline;white-space:pre-wrap">Blog</span></a><span style=3D"fon= t-size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-color:tran= sparent;vertical-align:baseline;white-space:pre-wrap"> | </span><a href=3D"= https://angel.co/bitrefill" rel=3D"noreferrer" target=3D"_blank"><span styl= e=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-co= lor:transparent;vertical-align:baseline;white-space:pre-wrap">Angellist </s= pan></a><br></p></div></div></div></div></div></div></div></div></div></div= ></div></div></div> </div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"><div dir=3D"= ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><d= iv dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir= =3D"ltr"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bot= tom:0pt"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(0,0,0);= background-color:transparent;font-weight:700;font-style:normal;font-variant= :normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">= Sergej Kotliar</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-to= p:0pt;margin-bottom:0pt"><span style=3D"font-size:9.5pt;font-family:Arial;c= olor:rgb(0,0,0);background-color:transparent;font-weight:700;font-style:nor= mal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-= space:pre-wrap">CEO</span></p><p dir=3D"ltr" style=3D"line-height:1.38;marg= in-top:0pt;margin-bottom:0pt"><b style=3D"font-weight:normal"><br></b></p><= p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><= span style=3D"font-size:11pt;font-family:Arial;color:rgb(102,102,102);backg= round-color:transparent;font-weight:700;font-style:normal;font-variant:norm= al;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><span= style=3D"border:none;display:inline-block;overflow:hidden;width:220px;heig= ht:80px"><img src=3D"https://lh4.googleusercontent.com/wU5i7e8boCd7o3P52cUT= KrqeTa7jV2dPEXluijGtPBy0f1F0R2_zIg_zOQ2kigkbVbSWqLlVdwuBYgo_txXMKkCWdMfBFRN= hsDhFpNv1QrRZsD-gPxDui-4l0tZI1QcjtefCDkNG" width=3D"220" height=3D"80" styl= e=3D"margin-left: 0px; margin-top: 0px;"></span></span></p><p dir=3D"ltr" s= tyle=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"f= ont-size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-color:tr= ansparent;font-weight:400;font-style:normal;font-variant:normal;text-decora= tion:none;vertical-align:baseline;white-space:pre-wrap">Twitter: @</span><a= href=3D"https://twitter.com/ziggamon" style=3D"text-decoration:none" rel= =3D"noreferrer" target=3D"_blank"><span style=3D"font-size:9.5pt;font-famil= y:Arial;color:rgb(102,102,102);background-color:transparent;font-weight:400= ;font-style:normal;font-variant:normal;text-decoration:underline;vertical-a= lign:baseline;white-space:pre-wrap">ziggamon</span></a><span style=3D"font-= size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-color:transp= arent;font-weight:400;font-style:normal;font-variant:normal;text-decoration= :none;vertical-align:baseline;white-space:pre-wrap">=C2=A0</span></p><p dir= =3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><b sty= le=3D"font-weight:normal"><br></b></p><p dir=3D"ltr" style=3D"line-height:1= .38;margin-top:0pt;margin-bottom:0pt"><a href=3D"http://www.bitrefill.com/"= style=3D"text-decoration:none" rel=3D"noreferrer" target=3D"_blank"><span = style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);backgroun= d-color:transparent;font-weight:400;font-style:normal;font-variant:normal;t= ext-decoration:underline;vertical-align:baseline;white-space:pre-wrap">www.= bitrefill.com</span></a></p><p dir=3D"ltr" style=3D"line-height:1.38;margin= -top:0pt;margin-bottom:0pt"><a href=3D"https://www.twitter.com/bitrefill" r= el=3D"noreferrer" target=3D"_blank"><span style=3D"font-size:9.5pt;font-fam= ily:Arial;color:rgb(102,102,102);background-color:transparent;vertical-alig= n:baseline;white-space:pre-wrap">Twitter</span></a><span style=3D"font-size= :9.5pt;font-family:Arial;color:rgb(102,102,102);background-color:transparen= t;vertical-align:baseline;white-space:pre-wrap"> | </span><a href=3D"https:= //www.bitrefill.com/blog/" rel=3D"noreferrer" target=3D"_blank"><span style= =3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-col= or:transparent;vertical-align:baseline;white-space:pre-wrap">Blog</span></a= ><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);ba= ckground-color:transparent;vertical-align:baseline;white-space:pre-wrap"> |= </span><a href=3D"https://angel.co/bitrefill" rel=3D"noreferrer" target=3D= "_blank"><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102= ,102);background-color:transparent;vertical-align:baseline;white-space:pre-= wrap">Angellist </span></a><br></p></div></div></div></div></div></div></di= v></div></div></div></div></div> _______________________________________________<br> bitcoin-dev mailing list<br> <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" rel=3D"noreferrer"= target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a><br> <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" = rel=3D"noreferrer noreferrer" target=3D"_blank">https://lists.linuxfoundati= on.org/mailman/listinfo/bitcoin-dev</a><br> </blockquote></div> </blockquote></div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"= ><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div d= ir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"l= tr"><div dir=3D"ltr"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0p= t;margin-bottom:0pt"><span style=3D"font-size:9.5pt;font-family:Arial;color= :rgb(0,0,0);background-color:transparent;font-weight:700;font-style:normal;= font-variant:normal;text-decoration:none;vertical-align:baseline;white-spac= e:pre-wrap">Sergej Kotliar</span></p><p dir=3D"ltr" style=3D"line-height:1.= 38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:9.5pt;font-fa= mily:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:700;fo= nt-style:normal;font-variant:normal;text-decoration:none;vertical-align:bas= eline;white-space:pre-wrap">CEO</span></p><p dir=3D"ltr" style=3D"line-heig= ht:1.38;margin-top:0pt;margin-bottom:0pt"><b style=3D"font-weight:normal"><= br></b></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-b= ottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;color:rgb(102,10= 2,102);background-color:transparent;font-weight:700;font-style:normal;font-= variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre= -wrap"><span style=3D"border:none;display:inline-block;overflow:hidden;widt= h:220px;height:80px"><img src=3D"https://lh4.googleusercontent.com/wU5i7e8b= oCd7o3P52cUTKrqeTa7jV2dPEXluijGtPBy0f1F0R2_zIg_zOQ2kigkbVbSWqLlVdwuBYgo_txX= MKkCWdMfBFRNhsDhFpNv1QrRZsD-gPxDui-4l0tZI1QcjtefCDkNG" width=3D"220" height= =3D"80" style=3D"margin-left: 0px; margin-top: 0px;"></span></span></p><p d= ir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><spa= n style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);backgro= und-color:transparent;font-weight:400;font-style:normal;font-variant:normal= ;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Twitter= : @</span><a href=3D"https://twitter.com/ziggamon" style=3D"text-decoration= :none" target=3D"_blank"><span style=3D"font-size:9.5pt;font-family:Arial;c= olor:rgb(102,102,102);background-color:transparent;font-weight:400;font-sty= le:normal;font-variant:normal;text-decoration:underline;vertical-align:base= line;white-space:pre-wrap">ziggamon</span></a><span style=3D"font-size:9.5p= t;font-family:Arial;color:rgb(102,102,102);background-color:transparent;fon= t-weight:400;font-style:normal;font-variant:normal;text-decoration:none;ver= tical-align:baseline;white-space:pre-wrap">=C2=A0</span></p><p dir=3D"ltr" = style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><b style=3D"fon= t-weight:normal"><br></b></p><p dir=3D"ltr" style=3D"line-height:1.38;margi= n-top:0pt;margin-bottom:0pt"><a href=3D"http://www.bitrefill.com/" style=3D= "text-decoration:none" target=3D"_blank"><span style=3D"font-size:9.5pt;fon= t-family:Arial;color:rgb(102,102,102);background-color:transparent;font-wei= ght:400;font-style:normal;font-variant:normal;text-decoration:underline;ver= tical-align:baseline;white-space:pre-wrap">www.bitrefill.com</span></a></p>= <p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">= <a href=3D"https://www.twitter.com/bitrefill" target=3D"_blank"><span style= =3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);background-col= or:transparent;vertical-align:baseline;white-space:pre-wrap">Twitter</span>= </a><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102)= ;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"= > | </span><a href=3D"https://www.bitrefill.com/blog/" target=3D"_blank"><s= pan style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);backg= round-color:transparent;vertical-align:baseline;white-space:pre-wrap">Blog<= /span></a><span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,10= 2,102);background-color:transparent;vertical-align:baseline;white-space:pre= -wrap"> | </span><a href=3D"https://angel.co/bitrefill" target=3D"_blank"><= span style=3D"font-size:9.5pt;font-family:Arial;color:rgb(102,102,102);back= ground-color:transparent;vertical-align:baseline;white-space:pre-wrap">Ange= llist </span></a><br></p></div></div></div></div></div></div></div></div></= div></div></div> _______________________________________________<br> bitcoin-dev mailing list<br> <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">= bitcoin-dev@lists.linuxfoundation.org</a><br> <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" = rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev</a><br> </blockquote></div> --00000000000084003805eb656b91--