Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <jgarzik@bitpay.com>) id 1YQ42S-0000LX-W8
	for bitcoin-development@lists.sourceforge.net;
	Tue, 24 Feb 2015 01:11:53 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of bitpay.com
	designates 209.85.218.43 as permitted sender)
	client-ip=209.85.218.43; envelope-from=jgarzik@bitpay.com;
	helo=mail-oi0-f43.google.com; 
Received: from mail-oi0-f43.google.com ([209.85.218.43])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1YQ42S-0002Uz-3E
	for bitcoin-development@lists.sourceforge.net;
	Tue, 24 Feb 2015 01:11:52 +0000
Received: by mail-oi0-f43.google.com with SMTP id z81so16769959oif.2
	for <bitcoin-development@lists.sourceforge.net>;
	Mon, 23 Feb 2015 17:11:46 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:cc:content-type;
	bh=dWrVzX3D/iwg8VfxPyD0oKuptxD61Mc0hjNNCK/aL3g=;
	b=e7/vjhgrbRGdKt8MQSDr9N/DHKBSyfwhQerBr8yVMDDBPghUle+LsssV0i2zGs2CL0
	hBBNNFj0vmyoljI7U0pTkv878zCIYdIsaWwVTglznvY9Sh6qD+G4yWykut5YuxbVE1x4
	vR20ocsMCTVaQ1ahsWdMXSlIvB0Io3lhiJhtki4MIsRaWpOwoDCTMWuYpQJ7Tb4JJSh8
	SPvw4ax9Df+nr6QGGUFHyma6qkjokrsC7GD+ZHCvTUL/9Od3rCg23v7she/b8SGLqXJr
	aOuHEMQZqZ8v3AswXE0q4xqNByE9Qtmfhdn6gFXQKEdw31Ug3yPvWDu+GMLpkoWfl42D
	j6iA==
X-Gm-Message-State: ALoCoQldMDzVVyjFj84PxVIS7EdAfVN43GPDIppkEZnnfQVbgsFgp6HtogFoQxasfMc9i153+oe0
X-Received: by 10.202.174.69 with SMTP id x66mr8875267oie.79.1424740306640;
	Mon, 23 Feb 2015 17:11:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.202.219.10 with HTTP; Mon, 23 Feb 2015 17:11:26 -0800 (PST)
In-Reply-To: <CABr1YTdrkJfFNua5cq9mFMo8-onB220xSH=9keUCjcvNVsZiLA@mail.gmail.com>
References: <20150212064719.GA6563@savin.petertodd.org>
	<CANEZrP2uVT_UqJbzyQcEbiS78T68Jj2cH7OGXv5QtYiCwArDdA@mail.gmail.com>
	<CAJHLa0PkzG44JpuQoHVLUU8SR55LaJf5AwG=a7AjK2u7TAveOQ@mail.gmail.com>
	<20150215212512.GR14804@nl.grid.coop> <54E11248.6090401@gmail.com>
	<20150219085604.GT14804@nl.grid.coop>
	<CABm2gDorEFNzzHH2bxpo6miv1H0RUhL9uAYX6gg2aW0wB1QDbw@mail.gmail.com>
	<CAOG=w-uJFobZtkd8OoPnOJC3uqCOwjsqyfNWJTg3j3sJQn+wXQ@mail.gmail.com>
	<CAJHLa0M4Tc7kiQVNmBfMBvSqFyrmHXdaNh7mF+crAdME5FUWHg@mail.gmail.com>
	<CABm2gDpMagWHsBn1t_oLO2bESgD2NUpefYw-gePFaBCNmpXviQ@mail.gmail.com>
	<CAJHLa0ObR32wg7TEJ2XHgZ=9=Z+yFsXjF3JCz+4d5mdp1=xu4Q@mail.gmail.com>
	<CABr1YTcr9C4uoXFfTJ6BEGHaw1a3dV_J=SE=fZbbpZRdTtD8tw@mail.gmail.com>
	<CABr1YTefbYqqtx0fSm_GBASxE2Za9EGWOPM2A5X4PRxbVemyiw@mail.gmail.com>
	<CABr1YTfZDSpyMLNi2pYORh01f_G3tL0rcw2Zo0m_P4-vjsJfmQ@mail.gmail.com>
	<F357F1A0-BE23-464B-8A14-6A205D440092@petertodd.org>
	<CABr1YTdrkJfFNua5cq9mFMo8-onB220xSH=9keUCjcvNVsZiLA@mail.gmail.com>
From: Jeff Garzik <jgarzik@bitpay.com>
Date: Mon, 23 Feb 2015 20:11:26 -0500
Message-ID: <CAJHLa0Orx7KD1R8ijdZHQS1+S=nuD9G4X_bkdRqUk44U-+OPbg@mail.gmail.com>
To: Eric Lombrozo <elombrozo@gmail.com>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YQ42S-0002Uz-3E
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2015 01:11:53 -0000

On Sun, Feb 22, 2015 at 6:29 PM, Eric Lombrozo <elombrozo@gmail.com> wrote:
> As for 0-conf security, there are instances where 0-conf transactions make a
> lot of sense - i.e. paying for utilities, ISP, web hosting, or other such
> services which could be immediately shut off upon detection of a
> double-spend.

Indeed.  0-conf risk calculus must include business conditions.

Business cases such as placing an order for a physical good, making an
in-person purchase at a brick-n-mortar store, or subscriptions already
have countermeasures in place if funds go astray.  Order fulfilment
can be stopped, subscriptions cancelled, photos handed to police.

A thief wants to maximize return, which usually means either stealing
a few large amounts or many small amounts.  Double-spending against a
SatoshiDICE clone is easy to automate.  Many other purchase situations
are difficult to repeat without getting caught, or the level of effort
(cost) is greater than the payout of double-spending a small amount.
0-conf is typically only used for small amounts, where useful theft
relies on high repetition.

Purely online, mostly anonymous services like SatoshiDICE will be
easily attacked if they accept 0-conf transactions as there is little
customer/reputation relationship to leverage.  However, that
observation cannot be easily applied to most other businesses.

-- 
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/