Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XEk8k-0002sJ-3K for bitcoin-development@lists.sourceforge.net; Tue, 05 Aug 2014 19:11:18 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.218.49 as permitted sender) client-ip=209.85.218.49; envelope-from=keziahw@gmail.com; helo=mail-oi0-f49.google.com; Received: from mail-oi0-f49.google.com ([209.85.218.49]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XEk8i-0007vq-I1 for bitcoin-development@lists.sourceforge.net; Tue, 05 Aug 2014 19:11:18 +0000 Received: by mail-oi0-f49.google.com with SMTP id u20so930027oif.36 for ; Tue, 05 Aug 2014 12:11:11 -0700 (PDT) X-Received: by 10.182.191.7 with SMTP id gu7mr8544753obc.14.1407265871062; Tue, 05 Aug 2014 12:11:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.61.195 with HTTP; Tue, 5 Aug 2014 12:10:50 -0700 (PDT) In-Reply-To: References: From: Kaz Wesley Date: Tue, 5 Aug 2014 12:10:50 -0700 Message-ID: To: Jeff Garzik Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (keziahw[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XEk8i-0007vq-I1 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] deterministic transaction expiration X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2014 19:11:18 -0000 > In general, if a transaction has not made it into a block within 144*X blocks, there is _some_ reason it is getting rejected by the miners. This is the crux of my concern: relay policy and miner priorities will not necessarily always be in sync, and node resource management shouldn't rely on them being compatible. There are other solutions than transaction expiration; I think Gavin's idea from the block-squashing thread, in which miners explicitly provide information about their policies, would go a long way to address this. But even when mechanisms for reconciling nodes' expectations about miners' behavior with miners' actual behavior are available, it may be desirable to keep an expiry mechanism in place in case of glitches between node understanding of policy and actual miner policy. Any approach based on beginning a transaction expiry countdown when a transaction is received (as in mempool janitor) seems unviable to me: once a node has forgotten a transaction, it must be susceptible to reaccepting it; all the functionality of such an expiry mechanism depends on the network not containing any nodes with slightly different relay behavior from bitcoind. I could accidentally debilitate mempool janitors across the entire network if I set up two nodes to exchange mempools whenever they reconnected to each other, and restarted each frequently. That's why I think including information in the transaction itself, as with my nLockTime/IsStandard proposal, is necessary for transactions to reliably eventually die off from mempools. There's a modification I've been thinking about: allow a transaction's lifetime to be refreshed (even after expiry) by a child transaction, along the lines of child-pays-for-parent fee policy. This would eliminate the need to reuse a key to make a replacement for an expired transaction (when submitting the tx directly to a miner is not an option), as well as alleviating the potential inconvenience in cases like Peter brought up, where nLockTime is used for exchanged locked transactions as part of a multi-transaction contract. With child-refreshes-parent, a transaction's receivers and senders would have the ability to keep trying to get their payment confirmed, but anyone on the network can't just keep all transactions alive. On Tue, Aug 5, 2014 at 10:48 AM, Jeff Garzik wrote: > Glad this was brought up. > > Transaction expiration is something that I have wanted to see happen in > bitcoin for a long, long time. The user experience of unconfirming > transactions setting around in limbo is just horrible. Bitcoin software by > necessity has gotten better about attaching fees so this sort of behavior is > uncommon, but that does not eliminate the problem. > > Of course, we cannot presume that a transaction will truly disappear -- The > Internet Never Forgets -- but given a bit of mempool adjusting, we can > achieve the next best thing: the majority of the network "forgets" the > transaction and becomes willing to relay a respend of some or all of the > inputs. This uses existing client logic where the client must rebroadcast a > transaction until it is confirmed. > > In general, if a transaction has not made it into a block within 144*X > blocks, there is _some_ reason it is getting rejected by the miners. > > The mempool janitor is a garbage collector design. This is inferior to the > "superblock" model described at > https://github.com/bitcoin/bitcoin/issues/3723 Other models can also > achieve similar results. > > There are a lot of issues tied together here: transaction expiration, the > desire to cap the mempool ram usage, scalability, DoS prevention, ... > mempool ties a lot together. > > -- > Jeff Garzik > Bitcoin core developer and open source evangelist > BitPay, Inc. https://bitpay.com/