From: Luke Dashjr <luke@dashjr.org>
To: bitcoin-dev@lists.linuxfoundation.org,
	Gavin Andresen <gavinandresen@gmail.com>
Date: Sat, 6 Feb 2016 00:12:25 +0000
User-Agent: KMail/1.13.7 (Linux/4.1.13-gentoo; KDE/4.14.8; x86_64; ; )
References: <CABsx9T1Bd0-aQg-9uRa4u3dGA5fKxaj8-mEkxVzX8mhdj4Gt2g@mail.gmail.com>
In-Reply-To: <CABsx9T1Bd0-aQg-9uRa4u3dGA5fKxaj8-mEkxVzX8mhdj4Gt2g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Message-Id: <201602060012.26728.luke@dashjr.org>
Subject: Re: [bitcoin-dev] BIP proposal: Increase block size limit to 2
	megabytes
Precedence: list

On Friday, February 05, 2016 8:51:08 PM Gavin Andresen via bitcoin-dev wrote:
> Blog post on a couple of the constants chosen:
>   http://gavinandresen.ninja/seventyfive-twentyeight

Can you put this in the BIP's Rationale section (which appears to be mis-named 
"Discussion" in the current draft)?

> Signature operations in un-executed branches of a Script are not counted
> OP_CHECKMULTISIG evaluations are counted accurately; if the signature for a
> 1-of-20 OP_CHECKMULTISIG is satisified by the public key nearest the top
> of the execution stack, it is counted as one signature operation. If it is
> satisfied by the public key nearest the bottom of the execution stack, it
> is counted as twenty signature operations. Signature operations involving
> invalidly encoded signatures or public keys are not counted towards the
> limit

These seem like they will break static analysis entirely. That was a noted 
reason for creating BIP 16 to replace BIP 12. Is it no longer a concern? Would 
it make sense to require scripts to commit to the total accurate-sigop count 
to fix this?

> The amount of data hashed to compute signature hashes is limited to
> 1,300,000,000 bytes per block.

The rationale for this wasn't in your blog post. I assume it's based on the 
current theoretical max at 1 MB blocks? Even a high-end PC would probably take 
40-80 seconds just for the hashing, however - maybe a lower limit would be 
best?

> Miners express their support for this BIP by ...

But miners don't get to decide hardforks. How does the economy express their 
support for it? What happens if miners trigger it without consent from the 
economy?

If you are intent on using the version bits to trigger the hardfork, I suggest 
rephrasing this such that miners should only enable the bit when they have 
independently confirmed economic support (this means implementations need a 
config option that defaults to off).

> SPV (simple payment validation) wallets are compatible with this change.

Would prefer if this is corrected to "Light clients" or something. Actual SPV 
wallets do not exist at this time, and would not be compatible with a 
hardfork.

> In the short term, an increase is needed to continue the current economic
> policies with regards to fees and block space, matching market expectations
> and preventing market disruption.

IMO this sentence is the most controversial part of your draft, and it 
wouldn't suffer a loss to remove it (or at least make it subjective).

I would also prefer to see any hardfork:

1. Address at least the simple tasks on the hardfork wishlist (eg, enable some
   disabled opcodes; fix P2SH for N-of->15 multisig; etc).
2. Be deployed as a soft-hardfork so as not to leave old nodes entirely
   insecure.

Luke