Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YPH5E-0007rA-Av for bitcoin-development@lists.sourceforge.net; Sat, 21 Feb 2015 20:55:28 +0000 X-ACL-Warn: Received: from mail-ig0-f177.google.com ([209.85.213.177]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YPH59-0003et-1z for bitcoin-development@lists.sourceforge.net; Sat, 21 Feb 2015 20:55:28 +0000 Received: by mail-ig0-f177.google.com with SMTP id z20so10518426igj.4 for ; Sat, 21 Feb 2015 12:55:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=GvKNnvrMOtblNc/pHXRf1PpWuGkQ+LbadezcVE1Q6p4=; b=lxgl2CowuaajPXwXVPKkenmIV7anM9gVbBkQhZ4BsDCmtIADBwLxnsYHVa1RxGqGAQ Um+7mwzaqvNUx6vqn4QSbSGmPbaS1XEMmxobp45hDyifkNbIjvgSuc4+WOuXSke8Y3Hf N0LcqECvqjv3gVYfKNxws1OBS/3w4FaUzOH9OnWEP6ilTXr+ANSnOgnAEzvqASBBQtxa WsUiStOOoewKw+tKIrSyxf9e8cCDLb5dVjs/0BPYbnVtPtd4FEXSQL6ioh++BZCAWFv0 yltQiW4JDW5oclFtRckOE8xkxXCiOalS/1QBv75V+xy9GXKmkU2Vy2ArPJwAAan3s2e/ t3Iw== X-Gm-Message-State: ALoCoQkbj7WmbERc9FP0h8YAP0m1iKblVvxltbUOQTsaO0DO6zmgfFKCuJo74evdEIAolXv7TWC4 MIME-Version: 1.0 X-Received: by 10.107.27.143 with SMTP id b137mr5060613iob.76.1424550612054; Sat, 21 Feb 2015 12:30:12 -0800 (PST) Received: by 10.107.5.69 with HTTP; Sat, 21 Feb 2015 12:30:11 -0800 (PST) X-Originating-IP: [50.0.37.37] Received: by 10.107.5.69 with HTTP; Sat, 21 Feb 2015 12:30:11 -0800 (PST) In-Reply-To: References: <20150212064719.GA6563@savin.petertodd.org> <20150215212512.GR14804@nl.grid.coop> <54E11248.6090401@gmail.com> <20150219085604.GT14804@nl.grid.coop> Date: Sat, 21 Feb 2015 12:30:11 -0800 Message-ID: From: Mark Friedenbach To: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= Content-Type: multipart/alternative; boundary=001a1140a87c3276b3050f9f0931 X-Spam-Score: 1.0 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1YPH59-0003et-1z Cc: Bitcoin Development Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Feb 2015 20:55:28 -0000 --001a1140a87c3276b3050f9f0931 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Thank you Jorge for the contribution of the Stag Hunt terminology. It is much better than a politically charged "scorched earth". On Feb 21, 2015 11:10 AM, "Jorge Tim=C3=B3n" wrote: > I agree "scorched hearth" is a really bad name for the 0 conf protocol > based on game theory. I would have preferred "stag hunt" since that's > basically what it's using (see http://en.wikipedia.org/wiki/Stag_hunt) > but I like the protocol and I think it would be interesting to > integrate it in the payment protocol. > Even if that protocol didn't existed or didn't worked, replace-by-fee > is purely part of a node's policy, not part of consensus. > >From the whitepaper, 0 conf transactions being secure by the good will > of miners was never an assumption, and it is clear to me that the > system cannot provide those guaranties based on such a weak scheme. I > believe thinking otherwise is naive. > As to consider non-standard policies "an attack to bitcoin" because > "that's not how bitcoin used to work", then I guess minimum relay fee > policies can also be considered "an attack to bitcoin" on the same > grounds. > Lastly, "first-seen-wins" was just a simple policy to bootstrap the > system, but I expect that most nodes will eventually move to policies > that are economically rational for miners such as replace-by-fee. > Not only I disagree this will be "the end of bitcoin" or "will push > the price of the btc miners are mining down", I believe it will be > something good for bitcoin. > Since this is apparently controversial I don't want to push for > replace-by-fee to become the new standard policy (something that would > make sense to me). But once the policy code is sufficiently modular as > to support several policies I would like bitcoin core to have a > CReplaceByFeePolicy alongside CStandardPolicy and a CNullPolicy (no > policy checks at all). > One step at a time I guess... > > > On Thu, Feb 19, 2015 at 9:56 AM, Troy Benjegerdes wrote= : > > On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote: > >> > >> > >> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote: > >> > > >> > Most money/payment systems include some method to reverse or undo > >> > payments made in error. In these systems, the longer settlement > >> > times you mention below are a feature, not a bug, and give more > >> > time for a human to react to errors and system failures. > >> > > >> > >> Settlement has to be final somewhere. That is the whole point of it. > >> Transfer costs in current electronic payment systems are a direct > >> consequence of their non-finality. That's the point Satoshi was making > >> in the introduction to the whitepaper: "With the possibility of > >> reversal, the need for trust spreads". > > > > The problem with that statement is I trust a merchant that I went into > > a store and made a payment with personally more than I trust the firmwa= re > > on my hard drive [1]. > > > > The attack surface of devices in your computer is huge. A motivated > attacker > > just needs to get an intern into a company that makes some kind of > component > > or system that's in your computer, cloud server, hardware wallet, or wh= at > > have you that has firmware capable of reading your private keys. > > > > With the possibility of mass trojaned hardware, if we are going to trus= t > > the system, it must somehow allow reversal through a human-in-the-loop. > > > >> There is nothing wrong with having reversible mechanisms built on top > >> of Bitcoin, and indeed it makes sense for most activity to happen at > >> those higher layers. It's easy to build things that way, but > >> impossible to build them the other way: you can't build a > >> non-reversible layer on top of a reversible layer. > > > > We built 'reliable' TCP on top of unreliable ethernet networks. My > experience > > with networking was if you tried to guarantee message delivery at the > lowest > > level, the system got exceedingly complicated, expensive, and brittle. > > > > Most applications, in particular paying someone you already trust, are > quite > > happy running on reversible systems, and in some cases more reliable an= d > > lower risk. (carrying non-reversible cash is generally considered risky= ) > > > > The problem is that if the base currency is assumed to be non-reversibl= e, > > then it's brittle and becomes 'too big to fail'. > > > > Where the blockchain improves on everything else is in transparency. If > you > > reverse transactions a lot, it will be obvious from an analysis. I woul= d > much > > rather deal with a known, predictable, and relatively continous > transaction > > reversal rate (percentage) than have to deal with sudden failures where > > some anonymous bad actor makes off with a fortune. > > > > We already have zero-conf double-spend transaction reversal, why not > explicitly > > extend that a little in a way that senders and receivers have a choice = to > > use it, or not? > > > > > > [1] > http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1Q= V20150216 > > > > > -------------------------------------------------------------------------= ----- > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > from Actuate! Instantly Supercharge Your Business Reports and Dashboard= s > > with Interactivity, Sharing, Native Excel Exports, App Integration & mo= re > > Get technology previously reserved for billion-dollar corporations, FRE= E > > > http://pubads.g.doubleclick.net/gampad/clk?id=3D190641631&iu=3D/4140/ostg= .clktrk > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > -------------------------------------------------------------------------= ----- > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > > http://pubads.g.doubleclick.net/gampad/clk?id=3D190641631&iu=3D/4140/ostg= .clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --001a1140a87c3276b3050f9f0931 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Thank you Jorge for the contribution of the Stag Hunt termin= ology. It is much better than a politically charged "scorched earth&qu= ot;.

On Feb 21, 2015 11:10 AM, "Jorge Tim=C3=B3n= " <jtimon@jtimon.cc> wrote:
I agree "scorched hearth" is a really bad name= for the 0 conf protocol
based on game theory. I would have preferred "stag hunt" since th= at's
basically what it's using (see http://en.wikipedia.org/wiki/Stag_hunt) but I like the protocol and I think it would be interesting to
integrate it in the=C2=A0 payment protocol.
Even if that protocol didn't existed or didn't worked, replace-by-f= ee
is purely part of a node's policy, not part of consensus.
>From the whitepaper, 0 conf transactions being secure by the good will<= br> of miners was never an assumption, and it is clear to me that the
system cannot provide those guaranties based on such a weak scheme. I
believe thinking otherwise is naive.
As to consider non-standard policies "an attack to bitcoin" becau= se
"that's not how bitcoin used to work", then I guess minimum r= elay fee
policies can also be considered "an attack to bitcoin" on the sam= e
grounds.
Lastly, "first-seen-wins" was just a simple policy to bootstrap t= he
system, but I expect that most nodes will eventually move to policies
that are economically rational for miners such as replace-by-fee.
Not only I disagree this will be "the end of bitcoin" or "wi= ll push
the price of the btc miners are mining down", I believe it will be
something good for bitcoin.
Since this is apparently controversial I don't want to push for
replace-by-fee to become the new standard policy (something that would
make sense to me). But once the policy code is sufficiently modular as
to support several policies I would like bitcoin core to have a
CReplaceByFeePolicy alongside CStandardPolicy and a CNullPolicy (no
policy checks at all).
One step at a time I guess...


On Thu, Feb 19, 2015 at 9:56 AM, Troy Benjegerdes <hozer@hozed.org> wrote:
> On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote:
>>
>>
>> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote:
>> >
>> > Most money/payment systems include some method to reverse or = undo
>> > payments made in error. In these systems, the longer settleme= nt
>> > times you mention below are a feature, not a bug, and give mo= re
>> > time for a human to react to errors and system failures.
>> >
>>
>> Settlement has to be final somewhere. That is the whole point of i= t.
>> Transfer costs in current electronic payment systems are a direct<= br> >> consequence of their non-finality. That's the point Satoshi wa= s making
>> in the introduction to the whitepaper: "With the possibility = of
>> reversal, the need for trust spreads".
>
> The problem with that statement is I trust a merchant that I went into=
> a store and made a payment with personally more than I trust the firmw= are
> on my hard drive [1].
>
> The attack surface of devices in your computer is huge. A motivated at= tacker
> just needs to get an intern into a company that makes some kind of com= ponent
> or system that's in your computer, cloud server, hardware wallet, = or what
> have you that has firmware capable of reading your private keys.
>
> With the possibility of mass trojaned hardware, if we are going to tru= st
> the system, it must somehow allow reversal through a human-in-the-loop= .
>
>> There is nothing wrong with having reversible mechanisms built on = top
>> of Bitcoin, and indeed it makes sense for most activity to happen = at
>> those higher layers. It's easy to build things that way, but >> impossible to build them the other way: you can't build a
>> non-reversible layer on top of a reversible layer.
>
> We built 'reliable' TCP on top of unreliable ethernet networks= . My experience
> with networking was if you tried to guarantee message delivery at the = lowest
> level, the system got exceedingly complicated, expensive, and brittle.=
>
> Most applications, in particular paying someone you already trust, are= quite
> happy running on reversible systems, and in some cases more reliable a= nd
> lower risk. (carrying non-reversible cash is generally considered risk= y)
>
> The problem is that if the base currency is assumed to be non-reversib= le,
> then it's brittle and becomes 'too big to fail'.
>
> Where the blockchain improves on everything else is in transparency. I= f you
> reverse transactions a lot, it will be obvious from an analysis. I wou= ld much
> rather deal with a known, predictable, and relatively continous transa= ction
> reversal rate (percentage) than have to deal with sudden failures wher= e
> some anonymous bad actor makes off with a fortune.
>
> We already have zero-conf double-spend transaction reversal, why not e= xplicitly
> extend that a little in a way that senders and receivers have a choice= to
> use it, or not?
>
>
> [1] http://www.reuters.com/artic= le/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
>
> ----------------------------------------------------------------------= --------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboar= ds
> with Interactivity, Sharing, Native Excel Exports, App Integration &am= p; more
> Get technology previously reserved for billion-dollar corporations, FR= EE
> http://pubads.g.doubleclick.ne= t/gampad/clk?id=3D190641631&iu=3D/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-d= evelopment@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitco= in-development

---------------------------------------------------------------------------= ---
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & mo= re
Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gam= pad/clk?id=3D190641631&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment
--001a1140a87c3276b3050f9f0931--