Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <pete@petertodd.org>) id 1Ybrfu-00020n-Ge for bitcoin-development@lists.sourceforge.net; Sat, 28 Mar 2015 14:25:22 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.108 as permitted sender) client-ip=62.13.148.108; envelope-from=pete@petertodd.org; helo=outmail148108.authsmtp.net; Received: from outmail148108.authsmtp.net ([62.13.148.108]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1Ybrfs-0002oG-MD for bitcoin-development@lists.sourceforge.net; Sat, 28 Mar 2015 14:25:22 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t2SEPEoO008857; Sat, 28 Mar 2015 14:25:14 GMT Received: from [26.145.36.120] ([172.56.22.103]) (authenticated bits=0) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t2SEPB1O028298 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 28 Mar 2015 14:25:12 GMT In-Reply-To: <CANEZrP3Prp6EFUdH_VDWkq508HkeFBMn+swzZ9ycAMsrOazFZA@mail.gmail.com> References: <CANEZrP3Prp6EFUdH_VDWkq508HkeFBMn+swzZ9ycAMsrOazFZA@mail.gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 From: Peter Todd <pete@petertodd.org> Date: Sat, 28 Mar 2015 14:22:27 +0000 To: Mike Hearn <mike@plan99.net>, Bitcoin Dev <bitcoin-development@lists.sourceforge.net> Message-ID: <FEB90DA4-2BF3-460F-8F35-9BCE929A2A31@petertodd.org> X-Server-Quench: 3f0e8175-d556-11e4-9f74-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdAoUFVQGAgsB AmMbWlBeUlh7WGE7 ag1TcwBbfEhMQQRq U1dNRFdNFUssA390 ZmwfLRlwfwdPcDBx ZURrWD5YCkQvfUd6 R1MAEGgAeGZhPWQC WRZfcx5UcAFPdx8U a1N6AHBDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4nGSM2 Qx1KBi0iG0EEQSp7 JhoqYkQRBEIYOUh6 O0ppV18VWwA8 X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 172.56.22.103/465 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1Ybrfs-0002oG-MD Subject: Re: [Bitcoin-development] Double spending and replace by fee X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Sat, 28 Mar 2015 14:25:22 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Would you so us all a favor and make a list of companies *actually* relying on "first-seen" mempool behaviour. Because I've been having a hard time actually finding anyone who does who hasn't given up on it. Not very useful to talk about attacks against hypothetical defences. On 28 March 2015 09:58:53 GMT-04:00, Mike Hearn <mike@plan99.net> wrote: >I've written a couple of blog posts on replace by fee and double >spending >mitigations. They sum up the last few years (!) worth of discussions on >this list and elsewhere, from my own perspective. > >I make no claim to be comprehensive or unbiased but I keep being asked >about these topics so figured I'd just write up my thoughts once so I >can >send links instead of answers :) And then so can anyone who happens to >agree. > >(1) Replace by fee scorched earth, a counter argument: > >https://medium.com/@octskyward/replace-by-fee-43edd9a1dd6d > >This article lays out the case against RBF-SE and argues it is harmful >to >Bitcoin. > >(2) Double spending and how to make it harder: > >https://medium.com/@octskyward/double-spending-in-bitcoin-be0f1d1e8008 > >This article summarises a couple of double spending incidents against >merchants and then discusses the following techniques: > > 1. Risk analysis of transactions > 2. Payment channels > 3. Countersigning by a trusted third party > 4. Remote attestation > 5. ID verification > 6. Waiting for confirmations > 7. Punishment of double spending blocks > >I hope the material is useful / interesting. > > >------------------------------------------------------------------------ > >------------------------------------------------------------------------------ >Dive into the World of Parallel Programming The Go Parallel Website, >sponsored >by Intel and developed in partnership with Slashdot Media, is your hub >for all >things parallel software development, from weekly thought leadership >blogs to >news, videos, case studies, tutorials and more. Take a look and join >the >conversation now. http://goparallel.sourceforge.net/ > >------------------------------------------------------------------------ > >_______________________________________________ >Bitcoin-development mailing list >Bitcoin-development@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/bitcoin-development -----BEGIN PGP SIGNATURE----- iQE9BAEBCAAnIBxQZXRlciBUb2RkIDxwZXRlQHBldGVydG9kZC5vcmc+BQJVFrj2 AAoJEMCF8hzn9LncxH8IAIFVwBvpNQfDJTJGEHT8LHQEIB0hLmEMSWwYRovHdwob u3mUigF7dpYoQfL9eU7NqSaNsAkL2WEhBYS9C/OF81AFApxuugnH/VOGz9X4PvJ/ zy5wP12onOrL//8/H9PoGH2dP3fmEe/rdhLelWUABuzyPQaoIaMLTZGREipbbBPK mJ6lBbNhtGGSxV3RgKvkkFYYBCAci/S/ntzpTOuYsgvZIjiXVsxD1uZZ/SiGfS3M R+RIrDX6W/xRdct0gm07KrHMNWo2kPE6uT6egZDxPNP308ddLwGWcvQWTe73bmEL FXsb6gUnfoXwBZfhDav41H4gRdZhLC+gOwVIcx0qLOY= =t0aZ -----END PGP SIGNATURE-----