MIME-Version: 1.0
In-Reply-To: <5591EA1B.1050709@thinlink.com>
References: <20150629050726.GA502@savin.petertodd.org>
	<5591E10F.9000008@thinlink.com>
	<CAAt2M1_yiN8ouaTdiyx8n8CkaT=e-pdUqqtde-bC32enqLfHog@mail.gmail.com>
	<5591EA1B.1050709@thinlink.com>
Date: Tue, 30 Jun 2015 03:10:23 +0200
Message-ID: <CAAt2M18Bbcp8-saF7FbkY1vp9rUihStaTXawB9JjafX=+ZasFw@mail.gmail.com>
From: Natanael <natanael.l@gmail.com>
To: Tom Harding <tomh@thinlink.com>
Content-Type: multipart/alternative; boundary=001a11c1a808ee97620519b1de36
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] BIP: Full Replace-by-Fee deployment schedule
Precedence: list

--001a11c1a808ee97620519b1de36
Content-Type: text/plain; charset=UTF-8

Den 30 jun 2015 03:00 skrev "Tom Harding" <tomh@thinlink.com>:
>
> On 6/29/2015 5:51 PM, Natanael wrote:
>>
>> What you ask to see implemented will trivially fall to a sybil attack.
It isn't securable. It is running on the honor system exclusively. It will
be attacked, it will fail, losses will be had, the attackers will walk away
with embarrassingly large sums.
>
>
> Oh please.  Checking that a node does relay something is not much
different than banning it for relaying garbage.
>
> It just happens to require that you have two nodes and coordinate them
somehow.  I didn't offer a complete design, don't claim magical properties,
and certainly didn't mean to imply that nodes passing a test could be
trusted (as you suggest with your "accountable parties").

But the check means nothing at all to you since no information which you
can learn from doing so can be trusted for use in decision making of any
kind, so why do it? Unless you pay for hosting of that particular node
which you test, you have no reason to care for any reason other than simple
statistics.

The claims I made is based on simple economic analysis - if *to be able to
attack* first requires effort and risk that exceed the payoff, you're
unlikely to try. Being legally accountable and identified in advance and
having to build reputation before being trusted with attack-worthy sums is
strongly discouraging.

--001a11c1a808ee97620519b1de36
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr"><br>
Den 30 jun 2015 03:00 skrev &quot;Tom Harding&quot; &lt;<a href=3D"mailto:t=
omh@thinlink.com">tomh@thinlink.com</a>&gt;:<br>
&gt;<br>
&gt; On 6/29/2015 5:51 PM, Natanael wrote:<br>
&gt;&gt;<br>
&gt;&gt; What you ask to see implemented will trivially fall to a sybil att=
ack. It isn&#39;t securable. It is running on the honor system exclusively.=
 It will be attacked, it will fail, losses will be had, the attackers will =
walk away with embarrassingly large sums. <br>
&gt;<br>
&gt;<br>
&gt; Oh please.=C2=A0 Checking that a node does relay something is not much=
 different than banning it for relaying garbage.<br>
&gt;<br>
&gt; It just happens to require that you have two nodes and coordinate them=
 somehow.=C2=A0 I didn&#39;t offer a complete design, don&#39;t claim magic=
al properties, and certainly didn&#39;t mean to imply that nodes passing a =
test could be trusted (as you suggest with your &quot;accountable parties&q=
uot;).</p>
<p dir=3D"ltr">But the check means nothing at all to you since no informati=
on which you can learn from doing so can be trusted for use in decision mak=
ing of any kind, so why do it? Unless you pay for hosting of that particula=
r node which you test, you have no reason to care for any reason other than=
 simple statistics. </p>
<p dir=3D"ltr">The claims I made is based on simple economic analysis - if =
*to be able to attack* first requires effort and risk that exceed the payof=
f, you&#39;re unlikely to try. Being legally accountable and identified in =
advance and having to build reputation before being trusted with attack-wor=
thy sums is strongly discouraging. </p>

--001a11c1a808ee97620519b1de36--