Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
Content-Type: multipart/signed;
	boundary="Apple-Mail=_C3349B33-F35B-4C62-8C0A-C0A1176B90C0";
	protocol="application/pgp-signature"; micalg=pgp-sha512
From: Eric Lombrozo <elombrozo@gmail.com>
In-Reply-To: <79149E7A-0357-448D-BE59-BF1FC46C33BA@gmail.com>
Date: Fri, 24 Jul 2015 13:31:46 -0700
Message-Id: <081736BF-5DF8-4302-9680-A8395F2498B5@gmail.com>
References: <CAGLBAhepXCaChSBsz49YNnLOOpiy9nsNYqNv0NH+G3W=17=2yA@mail.gmail.com>
	<trinity-44986062-638d-4c20-a1f8-56a7c7cec648-1437709050654@3capp-mailcom-bs10>
	<CA+w+GKS91NWB9ffysD4qEvAm+r1PswMePq6dirshbcZzpFg6Cg@mail.gmail.com>
	<CALqxMTFWfvc7LL5UgOMNnzNCxwbgyGRXgdV7wt1LYGGZ9h4XWw@mail.gmail.com>
	<20150724174039.GA25947@savin.petertodd.org>
	<79149E7A-0357-448D-BE59-BF1FC46C33BA@gmail.com>
To: Peter Todd <pete@petertodd.org>
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Bitcoin Roadmap 2015,
	or "If We Do Nothing" Analysis
Precedence: list


--Apple-Mail=_C3349B33-F35B-4C62-8C0A-C0A1176B90C0
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_8C5FC45C-128A-4963-87E5-E41484008EB8"


--Apple-Mail=_8C5FC45C-128A-4963-87E5-E41484008EB8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Peter, it=E2=80=99s a work in evolution, it=E2=80=99s not complete yet. =
It=E2=80=99s still missing a bunch of stuff - please feel free to =
contribute.

> On Jul 24, 2015, at 1:28 PM, Eric Lombrozo <elombrozo@gmail.com> =
wrote:
>=20
>>=20
>> On Jul 24, 2015, at 10:40 AM, Peter Todd via bitcoin-dev =
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>>=20
>> On Fri, Jul 24, 2015 at 07:09:13AM -0700, Adam Back via bitcoin-dev =
wrote:
>>> (Claim of large bitcoin ecosystem companies without full nodes) this
>>> says to me rather we have a need for education: I run a full node
>>> myself (intermittently), just for my puny collection of bitcoins.  =
If
>>> I ran a business with custody of client funds I'd wake up in a cold
>>> sweat at night about the security and integrity of the companies =
full
>>> nodes, and reconciliation of client funds against them.
>>>=20
>>> However I'm not sure the claim is accurate ($30m funding and no full
>>> node) but to take the hypothetical that this pattern exists, =
security
>>> people and architects at such companies must insist on the company
>>> running their own full node to depend on and cross check from
>>> otherwise they would be needlessly putting their client's funds at
>>> risk.
>>=20
>> FWIW, blockchain.info is obviously *not* running a full node as their
>> wallet was accepting invalid confirmations on transactions caused by =
the
>> recent BIP66 related fork; blockchain.info has $30m in funding.
>>=20
>> Coinbase also was not running a full node not all that long ago, =
instead
>> running a custom Ruby implementation that caused their service to go
>> down whenever it forked. (and would have also accepted invalid
>> confirmations) I believe right now they're running that =
implementation
>> behind a full node however.
>>=20
>>> The crypto currency security standards document probably covers
>>> requirement for fullnode somewhere
>>> https://cryptoconsortium.github.io/CCSS/ - we need some kind of =
basic
>>> minimum bar standard for companies to aim for and this seems like a
>>> reasonable start!
>>=20
>> Actually I've been trying to get the CCSS standard to cover full =
nodes,
>> and have been getting push-back:
>>=20
>> https://github.com/CryptoConsortium/CCSS/issues/15
>>=20
>> tl;dr: Running a full node is *not* required by the standard right =
now
>> at any certification level.
>>=20
>> This is of course completely ridiculous... But I haven't had much =
much
>> time to put into getting that changed so maybe we just need some =
better
>> explanations to the others maintaining the standard. That said, if =
the
>> standard stays that way, obviously I'm going to have to ask to have =
my
>> name taken off it.
>=20
> For the record, there=E2=80=99s pretty much unanimous agreement that =
running a full node should be a requirement at the higher levels of =
certification (if not the lower ones as well). I=E2=80=99m not sure =
exactly what pushback you=E2=80=99re referring to.
>=20
>=20
>>> In terms of a constructive discussion, I think it's interesting to
>>> talk about the root cause and solutions: decentralisation (more
>>> economically dependent full nodes, lower miner policy =
centralisation),
>>> more layer 2 work.  People interested in scaling, if they havent,
>>> should go read the lightning paper, look at the github and =
participate
>>> in protocol or code work.  I think realistically we can have this
>>> running inside of a year.  That significantly changes the dynamic.
>>> Similarly a significant part of mining centralisation is artificial
>>> and work is underway that will improve that.
>>=20
>> I would point out that lack of understanding of how Bitcoin works, as
>> well as a lack of understanding of security engineering in general, =
is
>> probably a significant contributor to these problems. Furthermore
>> Bitcoin and cryptocurrencies in general are still small enough that =
many
>> forseeable low probability but high impact events haven't happened,
>> making it difficult to explain to non-technical stakeholders why they
>> should be listening to experts rather than charlatans and fools.
>>=20
>> After a few major centralization related failures have occured, we'll
>> have an easier job here. Unfortunately there's also a good chance we
>> only get one shot at this due to how easy it is to kill PoW systems =
at
>> birth...
>>=20
>> --
>> 'peter'[:-1]@petertodd.org
>> 000000000000000014438a428adfcf4d113a09b87e4a552a1608269ff137ef2d
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


--Apple-Mail=_8C5FC45C-128A-4963-87E5-E41484008EB8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">Peter, it=E2=80=99s a work in evolution, it=E2=80=99s not =
complete yet. It=E2=80=99s still missing a bunch of stuff - please feel =
free to contribute.<div class=3D""><br class=3D""><div><blockquote =
type=3D"cite" class=3D""><div class=3D"">On Jul 24, 2015, at 1:28 PM, =
Eric Lombrozo &lt;<a href=3D"mailto:elombrozo@gmail.com" =
class=3D"">elombrozo@gmail.com</a>&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><blockquote =
type=3D"cite" style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><br class=3D"Apple-interchange-newline">On Jul 24, 2015, at =
10:40 AM, Peter Todd via bitcoin-dev &lt;<a =
href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" =
class=3D"">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br =
class=3D""><br class=3D"">On Fri, Jul 24, 2015 at 07:09:13AM -0700, Adam =
Back via bitcoin-dev wrote:<br class=3D""><blockquote type=3D"cite" =
class=3D"">(Claim of large bitcoin ecosystem companies without full =
nodes) this<br class=3D"">says to me rather we have a need for =
education: I run a full node<br class=3D"">myself (intermittently), just =
for my puny collection of bitcoins. &nbsp;If<br class=3D"">I ran a =
business with custody of client funds I'd wake up in a cold<br =
class=3D"">sweat at night about the security and integrity of the =
companies full<br class=3D"">nodes, and reconciliation of client funds =
against them.<br class=3D""><br class=3D"">However I'm not sure the =
claim is accurate ($30m funding and no full<br class=3D"">node) but to =
take the hypothetical that this pattern exists, security<br =
class=3D"">people and architects at such companies must insist on the =
company<br class=3D"">running their own full node to depend on and cross =
check from<br class=3D"">otherwise they would be needlessly putting =
their client's funds at<br class=3D"">risk.<br class=3D""></blockquote><br=
 class=3D"">FWIW, blockchain.info is obviously *not* running a full node =
as their<br class=3D"">wallet was accepting invalid confirmations on =
transactions caused by the<br class=3D"">recent BIP66 related fork; =
blockchain.info has $30m in funding.<br class=3D""><br class=3D"">Coinbase=
 also was not running a full node not all that long ago, instead<br =
class=3D"">running a custom Ruby implementation that caused their =
service to go<br class=3D"">down whenever it forked. (and would have =
also accepted invalid<br class=3D"">confirmations) I believe right now =
they're running that implementation<br class=3D"">behind a full node =
however.<br class=3D""><br class=3D""><blockquote type=3D"cite" =
class=3D"">The crypto currency security standards document probably =
covers<br class=3D"">requirement for fullnode somewhere<br class=3D""><a =
href=3D"https://cryptoconsortium.github.io/CCSS/" =
class=3D"">https://cryptoconsortium.github.io/CCSS/</a> - we need some =
kind of basic<br class=3D"">minimum bar standard for companies to aim =
for and this seems like a<br class=3D"">reasonable start!<br =
class=3D""></blockquote><br class=3D"">Actually I've been trying to get =
the CCSS standard to cover full nodes,<br class=3D"">and have been =
getting push-back:<br class=3D""><br class=3D""><a =
href=3D"https://github.com/CryptoConsortium/CCSS/issues/15" =
class=3D"">https://github.com/CryptoConsortium/CCSS/issues/15</a><br =
class=3D""><br class=3D"">tl;dr: Running a full node is *not* required =
by the standard right now<br class=3D"">at any certification level.<br =
class=3D""><br class=3D"">This is of course completely ridiculous... But =
I haven't had much much<br class=3D"">time to put into getting that =
changed so maybe we just need some better<br class=3D"">explanations to =
the others maintaining the standard. That said, if the<br =
class=3D"">standard stays that way, obviously I'm going to have to ask =
to have my<br class=3D"">name taken off it.<br class=3D""></blockquote><br=
 style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: auto; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; widows: auto; word-spacing: =
0px; -webkit-text-stroke-width: 0px;" class=3D""><span =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: auto; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; widows: auto; word-spacing: =
0px; -webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">For the record, there=E2=80=99s pretty much =
unanimous agreement that running a full node should be a requirement at =
the higher levels of certification (if not the lower ones as well). =
I=E2=80=99m not sure exactly what pushback you=E2=80=99re referring =
to.</span><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><blockquote type=3D"cite" style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><blockquote type=3D"cite" class=3D"">In terms of a =
constructive discussion, I think it's interesting to<br class=3D"">talk =
about the root cause and solutions: decentralisation (more<br =
class=3D"">economically dependent full nodes, lower miner policy =
centralisation),<br class=3D"">more layer 2 work. &nbsp;People =
interested in scaling, if they havent,<br class=3D"">should go read the =
lightning paper, look at the github and participate<br class=3D"">in =
protocol or code work. &nbsp;I think realistically we can have this<br =
class=3D"">running inside of a year. &nbsp;That significantly changes =
the dynamic.<br class=3D"">Similarly a significant part of mining =
centralisation is artificial<br class=3D"">and work is underway that =
will improve that.<br class=3D""></blockquote><br class=3D"">I would =
point out that lack of understanding of how Bitcoin works, as<br =
class=3D"">well as a lack of understanding of security engineering in =
general, is<br class=3D"">probably a significant contributor to these =
problems. Furthermore<br class=3D"">Bitcoin and cryptocurrencies in =
general are still small enough that many<br class=3D"">forseeable low =
probability but high impact events haven't happened,<br class=3D"">making =
it difficult to explain to non-technical stakeholders why they<br =
class=3D"">should be listening to experts rather than charlatans and =
fools.<br class=3D""><br class=3D"">After a few major centralization =
related failures have occured, we'll<br class=3D"">have an easier job =
here. Unfortunately there's also a good chance we<br class=3D"">only get =
one shot at this due to how easy it is to kill PoW systems at<br =
class=3D"">birth...<br class=3D""><br class=3D"">--<br =
class=3D"">'peter'[:-1]@<a href=3D"http://petertodd.org" =
class=3D"">petertodd.org</a><br =
class=3D"">000000000000000014438a428adfcf4d113a09b87e4a552a1608269ff137ef2=
d<br class=3D"">_______________________________________________<br =
class=3D"">bitcoin-dev mailing list<br class=3D""><a =
href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" =
class=3D"">bitcoin-dev@lists.linuxfoundation.org</a><br =
class=3D"">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev<=
/blockquote></div></blockquote></div><br class=3D""></div></body></html>=

--Apple-Mail=_8C5FC45C-128A-4963-87E5-E41484008EB8--

--Apple-Mail=_C3349B33-F35B-4C62-8C0A-C0A1176B90C0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVsqCyAAoJEJNAI64YFENUiyEP/iJP+rK42FX0FM1UEaa5FFlo
ND/WWbJyPhAXRXaxENnf17z/48TkGyEi6LY45iZZFZBTPmemJJQO0Qans7HmZ/dY
VzCWee7T0GLva8Z2NMsgJ4bTBEaCI/ku4GlgNt476Ph/M1yVQaClDsPPIkdYe6zZ
z4j+M6tAYCFRnAZBM583cvKV3sceCALhp824FKt4Loie998HLDDsjg4BVLxxWjxX
J3c0F154AiCHOLAz6lc3zHW4gWvZhLjJveg006PlMj9pvp7FyCMJptq2KrZsQ+O2
iF/lht4OHG1u36WvARnwb7pzoXZy51fIYwQb538TzIPLiRi8dfNY0NcusruVHSMg
BjubPv8+Jw/lTQ4Drtgjsf2zcJjAJv5YApnXGzhDyoH+AbKATIntfGl+2s4Uu1ww
LxdYWYyoqaC7pacrsNRmv62wenu5UfHOkygr5687dTO1QYfVqtlibP2YbykvwM1m
9wzWFZeIq7fVRZM/LHYI8N+t3N/ddT41Wmv891Jm+b4znAjwqOr6dXIOfCzqA85Y
QZP89QHVJv4L9Sp4S0WBC1o7VWje3IxnrAheALZ1QJ57bUUMFDebtnYF4PLeI2za
R1OlI9wTm+kXx/IC3y704Q9XFuePrkq0knpvK79fjI67trIYWLHR74c1PfvEAhC3
v7tNSxKMdtji8pJIq2OI
=xuLX
-----END PGP SIGNATURE-----

--Apple-Mail=_C3349B33-F35B-4C62-8C0A-C0A1176B90C0--