To: Luke Dashjr <luke@dashjr.org>, bitcoin-dev@lists.linuxfoundation.org
References: <4a132f8a-22e3-8e31-e338-bed9ef46d2ef@mattcorallo.com>
 <202001102337.53397.luke@dashjr.org>
From: Matt Corallo <lf-lists@mattcorallo.com>
Message-ID: <e77c5ee7-bb47-477b-2458-778d4b5c2231@mattcorallo.com>
Date: Tue, 14 Jan 2020 19:22:47 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <202001102337.53397.luke@dashjr.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: [bitcoin-dev] Modern Soft Fork Activation
Precedence: list

Good thing no one is proposing a naive BIP 9 approach :). I'll note that
BIP 9 has been fairly robust (spy-mining issues notwithstanding, which
we believe are at least largely solved in the wild) in terms of safety,
though I noted extensively in the first mail that it failed in terms of
misunderstanding the activation parameters. I think the above proposal
largely solves that, and I don't see much in the way of arguing that
point from you, here.

As an aside, BIP 9 is also the Devil We Know, which carries a lot of
value, since we've found (and addressed) direct issues with it, whereas
all other activation methods we have ~0 experience with in the modern
Bitcoin network.

On 1/10/20 11:37 PM, Luke Dashjr wrote:
> I think BIP 9 is a proven failure, and flag day softforks have their own 
> problems:
> 
> A) There is no way to unambiguously say "the rules for this chain are 
> <x,y,z>". It leaves the chain in a kind of "quantum state" where the rules 
> could be one thing, or could be another. Until the new rules are violated, we 
> do not know if the softfork was a success or not. Because of this, people 
> will rightly shy away from relying on the new rules. This problem is made 
> worse by the fact that common node policies might not produce blocks which 
> violate the rules. If we had gone with BIP149 for Segwit, it is IMO probable 
> we would still not have a clear answer today to "Is Segwit active or not?"
> 
> B) Because of (A), there is also no clear way to intentionally reject the 
> softfork. Those who do not consent to it are effectively compelled to accept 
> it anyway. While it is usually possible to craft an opposing softfork, this 
> should IMO be well-defined and simple to do (including a plan to do so in any 
> BIP9-alike spec).
> 
> For these reasons, in 2017, I proposed revising BIP 8 with a mandatory signal, 
> similar to how BIP148 worked: https://github.com/bitcoin/bips/pull/550
> However, the author of BIP 8 has since vanished, and because we had no 
> immediate softfork plans, efforts to move this forward were abandoned 
> temporarily. It seems like a good time to resume this work.
> 
> In regard to your goal #3, I would like to note that after the mandatory 
> signal period, old miners could resume mining unchanged. This means there is 
> a temporary loss of hashrate to the network, but I think it is overall better 
> than the alternatives. The temporary loss of income from invalid blocks will 
> also give affected miners a last push to upgrade, hopefully improving the 
> long run security of the network hashrate.
> 
> Luke
> 
> (P.S. As for your #1, I do think it is oversimplified in some cases, but we 
> should leave that for later discussion when it actually becomes relevant.)