MIME-Version: 1.0
In-Reply-To: <5591E10F.9000008@thinlink.com>
References: <20150629050726.GA502@savin.petertodd.org>
	<5591E10F.9000008@thinlink.com>
Date: Tue, 30 Jun 2015 02:51:58 +0200
Message-ID: <CAAt2M1_yiN8ouaTdiyx8n8CkaT=e-pdUqqtde-bC32enqLfHog@mail.gmail.com>
From: Natanael <natanael.l@gmail.com>
To: Tom Harding <tomh@thinlink.com>
Content-Type: multipart/alternative; boundary=001a11c1a8081564cc0519b19d3b
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] BIP: Full Replace-by-Fee deployment schedule
Precedence: list

--001a11c1a8081564cc0519b19d3b
Content-Type: text/plain; charset=UTF-8

Den 30 jun 2015 02:21 skrev "Tom Harding" <tomh@thinlink.com>:
>
> On 6/28/2015 10:07 PM, Peter Todd wrote:
>>
>> Worryingly large payment providers have shown
>> willingness(4) to consider extreme measures such as entering into legal
>> contracts directly with large miners to ensure their transactions get
mined.
>> This is a significant centralization risk and it is not practical or even
>> possible for small miners to enter into these contracts, leading to a
situation
>> where moving your hashing power to a larger pool will result in higher
profits
>> from hashing power contracts; if these payment providers secure a
majority of
>> hashing power with these contracts inevitably there will be a temptation
to
>> kick non-compliant miners off the network entirely with a 51% attack.
>>
>
> Your incomprehensible meddling with successful usage patterns threatens
to have unintended consequences directly in opposition to your own stated
goal of decentralization.  And yet you persist.
>
> As we deliberately break things and turn the P2P network into a
completely unpredictable hodge-podge of relay policies, we should expect
many more participants to bypass the P2P network entirely.

What you are asking for is TSA style reactive security and unverifiable and
fundamentally untrustable security mechanisms, rejecting proactive security
on the grounds that it is inconvenient.

What you ask to see implemented will trivially fall to a sybil attack. It
isn't securable. It is running on the honor system exclusively. It will be
attacked, it will fail, losses will be had, the attackers will walk away
with embarrassingly large sums.

You want verifiable behavior? Incentives to tell the truth? Incentives to
be consistent? Multisignature notaries (Greenaddress.it), payment channel
based hub-and-spokes (LN,  Stroem), etc... Trusting the P2P network is
futile. You need one accountable party that is actually capable of
enforcing the behavior you ask for, one that can build a reputation over
time - the P2P nodes you wish to hold accountable are on the other hand
powerless to stop an actual attack, their reputations are therefore
meaningless and irrelevant. Multisignature notaries aren't, as they can
stop an attack, and they can be sued for breach of contract if they don't -
neither of those applies to P2P nodes.

--001a11c1a8081564cc0519b19d3b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr"><br>
Den 30 jun 2015 02:21 skrev &quot;Tom Harding&quot; &lt;<a href=3D"mailto:t=
omh@thinlink.com">tomh@thinlink.com</a>&gt;:<br>
&gt;<br>
&gt; On 6/28/2015 10:07 PM, Peter Todd wrote:<br>
&gt;&gt;<br>
&gt;&gt; Worryingly large payment providers have shown<br>
&gt;&gt; willingness(4) to consider extreme measures such as entering into =
legal<br>
&gt;&gt; contracts directly with large miners to ensure their transactions =
get mined.<br>
&gt;&gt; This is a significant centralization risk and it is not practical =
or even<br>
&gt;&gt; possible for small miners to enter into these contracts, leading t=
o a situation<br>
&gt;&gt; where moving your hashing power to a larger pool will result in hi=
gher profits<br>
&gt;&gt; from hashing power contracts; if these payment providers secure a =
majority of<br>
&gt;&gt; hashing power with these contracts inevitably there will be a temp=
tation to<br>
&gt;&gt; kick non-compliant miners off the network entirely with a 51% atta=
ck.<br>
&gt;&gt;<br>
&gt;<br>
&gt; Your incomprehensible meddling with successful usage patterns threaten=
s to have unintended consequences directly in opposition to your own stated=
 goal of decentralization.=C2=A0 And yet you persist.<br>
&gt;<br>
&gt; As we deliberately break things and turn the P2P network into a comple=
tely unpredictable hodge-podge of relay policies, we should expect many mor=
e participants to bypass the P2P network entirely.</p>
<p dir=3D"ltr">What you are asking for is TSA style reactive security and u=
nverifiable and fundamentally untrustable security mechanisms, rejecting pr=
oactive security on the grounds that it is inconvenient. </p>
<p dir=3D"ltr">What you ask to see implemented will trivially fall to a syb=
il attack. It isn&#39;t securable. It is running on the honor system exclus=
ively. It will be attacked, it will fail, losses will be had, the attackers=
 will walk away with embarrassingly large sums. </p>
<p dir=3D"ltr">You want verifiable behavior? Incentives to tell the truth? =
Incentives to be consistent? Multisignature notaries (Greenaddress.it), pay=
ment channel based hub-and-spokes (LN,=C2=A0 Stroem), etc... Trusting the P=
2P network is futile. You need one accountable party that is actually capab=
le of enforcing the behavior you ask for, one that can build a reputation o=
ver time - the P2P nodes you wish to hold accountable are on the other hand=
 powerless to stop an actual attack, their reputations are therefore meanin=
gless and irrelevant. Multisignature notaries aren&#39;t, as they can stop =
an attack, and they can be sued for breach of contract if they don&#39;t - =
neither of those applies to P2P nodes. </p>

--001a11c1a8081564cc0519b19d3b--