Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.217.178 as permitted sender)
	client-ip=209.85.217.178; envelope-from=gmaxwell@gmail.com;
	helo=mail-lb0-f178.google.com; 
MIME-Version: 1.0
In-Reply-To: <CAPg+sBjmXyLkgfwzC8h+ZFkmyUf6nzbGo0oAWR9nsJOTOfOXEg@mail.gmail.com>
References: <519AC3A8.1020306@quinnharris.me>
	<CA+i0-i_+Tes+ePRqmDGEXDQ_L=S5y8gHBKk77zaLgTGOS3OMyA@mail.gmail.com>
	<CAPg+sBjmXyLkgfwzC8h+ZFkmyUf6nzbGo0oAWR9nsJOTOfOXEg@mail.gmail.com>
Date: Mon, 20 May 2013 20:54:25 -0700
Message-ID: <CAAS2fgRCpXUgw=GpE9_AcTgWcdCaDC6_16Xp5+oOZC0_1xmf-w@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Double Spend Notification
Precedence: list

On Mon, May 20, 2013 at 6:56 PM, Pieter Wuille <pieter.wuille@gmail.com> wr=
ote:
> On Tue, May 21, 2013 at 3:24 AM, Robert Backhaus <robbak@robbak.com> wrot=
e:
>> So the decision has been made to make 0-conf double spends trivial, so n=
o
>> one will ever trust 0-confs. If a later transaction appears with a large=
r
>> fee, it will be considered to be the valid one, and the first one droppe=
d,
>> as long as the first one has not been confirmed. This makes undoing a
>> mistaken transaction possible.
> This has been suggested, but I know of no such decision having been made.

Indeed. I've argued against it pretty aggressively, but I am starting
to find arguments for and against pure fee-based replacement more
equally persuasive.

Regardless of the eventual outcome, fees today aren't a major
motivator vs subsidy and overall network health=E2=80=94 and even if some
protection isn't 100% there are plenty of cases where the risk is
averaged across many small transactions and any reduction of risk is a
reduction in operating cost.   (No one is going to double spend your
soda machine at high speed=E2=80=94 so you can like increase your prices by
the amount of successful double spends you experience and call it
done)

On the other hand, it's well established that people underestimate the
costs of unlikely risks. More deterministic behavior can result in
safer interactions more than _better_ behavior. If we believe that in
the long term self-interest will result in pure-fee based replacement
being wide spread then it is also good to not build a dependency on
behavior that will not last.

One point that was only recently exposed to me is that replacement
combined with child-pays-for-parent creates a new kind of double spend
_defense_: If someone double spends a payment to an online key of
yours, you can instantly produce a child transaction that pays 100% of
the double spend to fees... so a double spender can hurt you but not
profit from it.  (and if your side of the transaction is
potentially/partially reversible he will lose)...

But then again, a race to burn more money is kinda ... odd and even if
the benefit of resisting the double spends is only a short term
benefit, a short term benefit can be greatly important in encouraging
Bitcoin adoption. ... and the long term behavior is far from certain.

So at least from my position it's far from clear what should be done here.

I've noticed a number of people who seem to be swayed by replace by
fee=E2=80=94 or at least its inevitability if not value. So even ignoring
developers there may evolve a community consensus here regardless of
what I think about it.

My SO pointed that that the transaction burning race described above
sounds like an economists wet dream: it's one of those silly cases
they use in experiments to probe human behavior... except it sounds
like a possible eventual outcome in systems used by people.  Perhaps
it would be useful to point some graduate students at this question
and see what they can come up with about it.