Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.192.178 as permitted sender)
	client-ip=209.85.192.178; envelope-from=elombrozo@gmail.com;
	helo=mail-pd0-f178.google.com; 
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
Content-Type: multipart/signed;
	boundary="Apple-Mail=_662DD05E-826F-4A21-9B92-A3CD3128D3F4";
	protocol="application/pgp-signature"; micalg=pgp-sha512
From: Eric Lombrozo <elombrozo@gmail.com>
In-Reply-To: <8a49c53a032503eeca4f51cdef725fe1@riseup.net>
Date: Sat, 20 Jun 2015 17:19:08 -0700
Message-Id: <B4B8DB86-C03A-4C79-BD94-3E073D5E7003@gmail.com>
References: <20150619103959.GA32315@savin.petertodd.org>
	<04CE3756-B032-464C-8FBD-7ACDD1A3197D@gmail.com>
	<812d8353e66637ec182da31bc0a9aac1@riseup.net>
	<1727885.UUNByX4Jyd@crushinator>
	<83A7C606-B601-47D2-BE10-2A1412D97514@gmail.com>
	<CABm2gDrHFB_XtQXVvoFeEH5TUfWSc3JLcNuo-oSXNJaExB+Vdg@mail.gmail.com>
	<8a49c53a032503eeca4f51cdef725fe1@riseup.net>
To: justusranvier@riseup.net
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] F2Pool has enabled full replace-by-fee
Precedence: list


--Apple-Mail=_662DD05E-826F-4A21-9B92-A3CD3128D3F4
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_BBEDAE13-DF98-4C94-B7CF-60EA84F15161"


--Apple-Mail=_BBEDAE13-DF98-4C94-B7CF-60EA84F15161
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On Jun 20, 2015, at 4:37 PM, justusranvier@riseup.net wrote:
>=20
> Signed PGP part
> On 2015-06-20 18:20, Jorge Tim=C3=B3n wrote:
> > On Fri, Jun 19, 2015 at 6:42 PM, Eric Lombrozo <elombrozo@gmail.com>
> > wrote:
> >> If we want a non-repudiation mechanism in the protocol, we should
> >> explicitly define one rather than relying on =E2=80=9Cprima =
facie=E2=80=9D
> >> assumptions. Otherwise, I would recommend not relying on the =
existence
> >> of a signed transaction as proof of intent to pay=E2=80=A6
> >
> > Non-repudiation can be built on top of the payment protocol layer.
>=20
>=20
> Non-repudiation is an intrinsic property of the ECDSA signatures which
> Bitcoin uses - it's not a feature that needs to be built.
>=20
> There's no way to accidentally sign a transaction and accidentally
> announce it publicly. There is no form of third-party error that can
> result in a payee receiving an erroneous contract.
>=20
>=20

Justus,

We don=E2=80=99t even have a concept of identity in the Bitcoin =
protocol, let alone non-repudiation. What good is non-repudiation if =
there=E2=80=99s no way to even associate a signature with a legal =
entity?

Sure, we could use the ECDSA signatures in transactions as part of a =
non-repudiation scheme - but the recipient would have to also have a =
means to establish the identity of the sender and associate it with the =
the transaction.


Furthermore, in light of the fact that there *are* fully legitimate use =
cases for sending conflicting transactions=E2=80=A6and the fact that =
determination of intent isn=E2=80=99t always entirely clear=E2=80=A6we =
should refrain from attaching any further significance transaction =
signatures other than that =E2=80=9Cthe sender was willing to have it =
included in the blockchain if a miner were to have seen it and accepted =
it=E2=80=A6but perhaps the sender would have changed their mind before =
it actually did get accepted.=E2=80=9D

- Eric Lombrozo

--Apple-Mail=_BBEDAE13-DF98-4C94-B7CF-60EA84F15161
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Jun 20, 2015, at 4:37 PM, <a =
href=3D"mailto:justusranvier@riseup.net" =
class=3D"">justusranvier@riseup.net</a> wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><fieldset =
style=3D"padding-top:10px; border:0px; border: 3px solid #CCC; =
padding-left: 20px;" class=3D""><legend style=3D"font-weight:bold" =
class=3D"">Signed PGP part</legend><div style=3D"padding-left:3px;" =
class=3D"">On 2015-06-20 18:20, Jorge Tim=C3=B3n wrote:<br class=3D"">&gt;=
 On Fri, Jun 19, 2015 at 6:42 PM, Eric Lombrozo &lt;<a =
href=3D"mailto:elombrozo@gmail.com" =
class=3D"">elombrozo@gmail.com</a>&gt;<br class=3D"">&gt; wrote:<br =
class=3D"">&gt;&gt; If we want a non-repudiation mechanism in the =
protocol, we should<br class=3D"">&gt;&gt; explicitly define one rather =
than relying on =E2=80=9Cprima facie=E2=80=9D<br class=3D"">&gt;&gt; =
assumptions. Otherwise, I would recommend not relying on the =
existence<br class=3D"">&gt;&gt; of a signed transaction as proof of =
intent to pay=E2=80=A6<br class=3D"">&gt;<br class=3D"">&gt; =
Non-repudiation can be built on top of the payment protocol layer.<br =
class=3D""><br class=3D""><br class=3D"">Non-repudiation is an intrinsic =
property of the ECDSA signatures which<br class=3D"">Bitcoin uses - it's =
not a feature that needs to be built.<br class=3D""><br class=3D"">There's=
 no way to accidentally sign a transaction and accidentally<br =
class=3D"">announce it publicly. There is no form of third-party error =
that can<br class=3D"">result in a payee receiving an erroneous =
contract.<br class=3D""></div></fieldset><br class=3D""><br =
class=3D""></div></blockquote></div><br class=3D""><div =
class=3D"">Justus,</div><div class=3D""><br class=3D""></div><div =
class=3D"">We don=E2=80=99t even have a concept of identity in the =
Bitcoin protocol, let alone non-repudiation. What good is =
non-repudiation if there=E2=80=99s no way to even associate a signature =
with a legal entity?</div><div class=3D""><br class=3D""></div><div =
class=3D"">Sure, we could use the ECDSA signatures in transactions as =
part of a non-repudiation scheme - but the recipient would have to also =
have a means to establish the identity of the sender and associate it =
with the the transaction.</div><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D"">Furthermore, in light of =
the fact that there *are* fully legitimate use cases for sending =
conflicting transactions=E2=80=A6and the fact that determination of =
intent isn=E2=80=99t always entirely clear=E2=80=A6we should refrain =
from attaching any further significance transaction signatures other =
than that =E2=80=9Cthe sender was willing to have it included in the =
blockchain if a miner were to have seen it and accepted it=E2=80=A6but =
perhaps the sender would have changed their mind before it actually did =
get accepted.=E2=80=9D</div><div class=3D""><br class=3D""></div><div =
class=3D"">- Eric Lombrozo</div></body></html>=

--Apple-Mail=_BBEDAE13-DF98-4C94-B7CF-60EA84F15161--

--Apple-Mail=_662DD05E-826F-4A21-9B92-A3CD3128D3F4
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVhgL8AAoJEJNAI64YFENUB+MP+wZPGXO1Ph77RCKVMFrVoyZY
nEa5fRHPMvRqlygf9E+r60hSPDHtjnjeUQoGfslrHizppyJ/3U4O+qTWFyjcad/B
bFzZVgvsB9zrT+F8Y6DmApd7QKxDSxb2GlKNcovY5B7wTsrjcyiu/eZT2sxZtBM2
GQyUKeqUyGp1lR3t8px3mEToAe46y0E/lVICVeYfDDpPIswSpxa2CBxDCuoWklSH
R5rQww6xiovWwkmF8aLEfsXHVQ/Z/I6FMoV28wyZQ6JbsITr3aaNDmCOr02b2F3X
VdPu5h1JjsI6DVJALRllFemQGHSM0l8DMk2reK0R0RogfNQwKPKlq6mxP4hng+9y
3Jje1s5jmSVQHfs8wzM9B4pRUSqK2uVJNjPKO0IczRR5TxYZLt/2IE/7vqPp5F5d
8JW/aiTiuZAqf5ikegzbeq/x7kMblKBEY/WAkgBg6ibLXTSABWhh1SqH3VIo2HwM
3OUiLC0KL3n/SSguoZnBVars1U4IB3HFHyhIo1NzKI0lG1CnMX82QC0hNSLK3YXm
tGlZsVaKZ6NxfgpSl/heB/sGzFtwcJboPQ4wfLSDL4QWf78RCDCYxes/TEg9WWfe
go3crpeKHpAHBfu2uD5elAmhPcFHPTHje+cx9FqwtH0gfilFLaDO9khsfpL1vDg6
51M+ORUHqEcLvH1t8y6B
=9odg
-----END PGP SIGNATURE-----

--Apple-Mail=_662DD05E-826F-4A21-9B92-A3CD3128D3F4--