Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z6Mr5-00013B-J5 for bitcoin-development@lists.sourceforge.net; Sat, 20 Jun 2015 17:46:59 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.220.170 as permitted sender) client-ip=209.85.220.170; envelope-from=tier.nolan@gmail.com; helo=mail-qk0-f170.google.com; Received: from mail-qk0-f170.google.com ([209.85.220.170]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z6Mr4-00029r-EA for bitcoin-development@lists.sourceforge.net; Sat, 20 Jun 2015 17:46:59 +0000 Received: by qkbp125 with SMTP id p125so73635983qkb.2 for ; Sat, 20 Jun 2015 10:46:53 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.140.237.147 with SMTP id i141mr30383143qhc.25.1434822412984; Sat, 20 Jun 2015 10:46:52 -0700 (PDT) Received: by 10.140.85.241 with HTTP; Sat, 20 Jun 2015 10:46:52 -0700 (PDT) In-Reply-To: References: Date: Sat, 20 Jun 2015 18:46:52 +0100 Message-ID: From: Tier Nolan Cc: Bitcoin Dev Content-Type: multipart/alternative; boundary=001a1135ad283de7220518f6a074 X-Spam-Score: 0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (tier.nolan[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.2 MISSING_HEADERS Missing To: header 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Z6Mr4-00029r-EA Subject: Re: [Bitcoin-development] Hard fork via miner vote X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jun 2015 17:46:59 -0000 --001a1135ad283de7220518f6a074 Content-Type: text/plain; charset=UTF-8 I agree giving notice that the change is going to happen is critical for a hard fork. If miners vote in favor, they need to give people time to upgrade (or to decide to reject the fork). The BIP 100 proposal is that no change will happen until a timestamp is reached. It isn't clear exactly how it would work. Testnet: Sep 1st 2015 Mainnet: Jan 11th 2016 It suggests 90% of 12000 blocks (~83 days). This means that if 10800 of the last 12000 blocks are the updated version, then the change is considered locked in. I think having an earlier "fail" threshold would be a good idea too. This guarantees notice. Assuming 3 is and 4 is If the median of 11 timestamp is after 1st Sep 2015 and less than 10800 of the last 12000 blocks are version 4+, then reject version 4 blocks If the median of 11 timestamp is after 1st Nov 2015 and at least 10800 of the last 12000 blocks are version 4+, then reject version 3 blocks (lock-in) If the median of 11 timestamp is after 1st Jan 2016 and at least 10800 of the last 12000 blocks are version 4+, the allow This means that if the 90% threshold is lost at any time between 1st Sep and 1st Nov, then the fork is rejected. Otherwise, after the 1st Nov, it is locked in, but the new rules don't activate until 1st Jan. For block size, miners could still soft fork back to 1MB after 1st Nov, it there is a user/merchant revolt (maybe that would be version 5 blocks). On Sat, Jun 20, 2015 at 6:13 PM, Pieter Wuille wrote: > Hello all, > > I've seen ideas around hard fork proposals that involve a block version > vote (a la BIP34, BIP66, or my more recent versionbits BIP draft). I > believe this is a bad idea, independent of what the hard fork itself is. > > Ultimately, the purpose of a hard fork is asking the whole community to > change their full nodes to new code. The purpose of the trigger mechanism > is to establish when that has happened. > > Using a 95% threshold, implies the fork can happen when at least 5% of > miners have not upgraded, which implies some full nodes have not (as miners > are nodes), and in addition, means the old chain can keep growing too, > confusing old non-miner nodes as well. > > Ideally, the fork should be scheduled when one is certain nodes will have > upgraded, and the risk for a fork will be gone. If everyone has upgraded, > no vote is necessary, and if nodes have not, it remains risky to fork them > off. > > I understand that, in order to keep humans in the loop, you want an > observable trigger mechanism, and a hashrate vote is an easy way to do > this. But at least, use a minimum timestamp you believe to be reasonable > for upgrade, and a 100% threshold afterwards. Anything else guarantees that > your forking change happens *knowingly* before the risk is gone. > > You may argue that miners would be asked to - and have it in their best > interest - to not actually make blocks that violate the changed rule before > they are reasonably sure that everyone has upgraded. That is possible, but > it does not gain you anything over just using a 100% threshold, as how > would they be reasonably sure everyone has upgraded, while blocks creater > by non-upgraded miners are still being created? > > TL;DR: use a timestamp switchover for a hard fork, or add a block voting > threshold as a means to keep humans in the loop, but if you do, use 100% as > threshold. > > -- > Pieter > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --001a1135ad283de7220518f6a074 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I agree giving notice that t= he change is going to happen is critical for a hard fork.=C2=A0 If miners v= ote in favor, they need to give people time to upgrade (or to decide to rej= ect the fork).

The BIP 100 proposal is that no change wil= l happen until a timestamp is reached.=C2=A0 It isn't clear exactly how= it would work.

Testnet: Sep 1st 2015
Mainnet: Jan 11= th 2016

It suggests 90% of 12000 blocks (~83 days).

This means that if 10800 of the last 12000 blocks are the updated = version, then the change is considered locked in.

I think= having an earlier "fail" threshold would be a good idea too.=C2= =A0 This guarantees notice.

Assuming 3 is <old rule>= ; and 4 is <new rule>

If the median of 11 timestamp is after 1= st Sep 2015 and less than 10800=20 of the last 12000 blocks are version 4+, then reject version 4 blocks
If the median of 11 timestamp is after 1st Nov 2015 and at least 1= 0800 of the last 12000 blocks are version 4+, then reject version 3 blocks= =C2=A0 (lock-in)
If the median of 11 timestamp is after 1st J= an 2016 and at least 10800 of the last 12000 blocks are version 4+, the all= ow <new rule>

This means that if the 90% threshold = is lost at any time between 1st Sep and 1st Nov, then the fork is rejected.= =C2=A0 Otherwise, after the 1st Nov, it is locked in, but the new rules don= 't activate until 1st Jan.

For block size, miners cou= ld still soft fork back to 1MB after 1st Nov, it there is a user/merchant r= evolt (maybe that would be version 5 blocks).


On Sat, Jun 20, 2015 a= t 6:13 PM, Pieter Wuille <pieter.wuille@gmail.com> wro= te:

Hel= lo all,

I've seen ideas around hard fork proposals that involve = a block version vote (a la BIP34, BIP66, or my more recent versionbits BIP = draft). I believe this is a bad idea, independent of what the hard fork its= elf is.

Ultimately, the purpose of a hard fork is asking the whole c= ommunity to change their full nodes to new code. The purpose of the trigger= mechanism is to establish when that has happened.

Using a 95% threshold, implies the fork can happen when at l= east 5% of miners have not upgraded, which implies some full nodes have not= (as miners are nodes), and in addition, means the old chain can keep growi= ng too, confusing old non-miner nodes as well.

Ideally, the fork should be scheduled when one is certain no= des will have upgraded, and the risk for a fork will be gone. If everyone h= as upgraded, no vote is necessary, and if nodes have not, it remains risky = to fork them off.

I understand that, in order to keep humans in the loop, you = want an observable trigger mechanism, and a hashrate vote is an easy way to= do this. But at least, use a minimum timestamp you believe to be reasonabl= e for upgrade, and a 100% threshold afterwards. Anything else guarantees th= at your forking change happens *knowingly* before the risk is gone.

You may argue that miners would be asked to - and have it in= their best interest - to not actually make blocks that violate the changed= rule before they are reasonably sure that everyone has upgraded. That is p= ossible, but it does not gain you anything over just using a 100% threshold= , as how would they be reasonably sure everyone has upgraded, while blocks = creater by non-upgraded miners are still being created?

TL;DR: use a timestamp switchover for a hard fork, or add a = block voting threshold as a means to keep humans in the loop, but if you do= , use 100% as threshold.

--
Pieter


---------------------------------------------------------= ---------------------

_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/= listinfo/bitcoin-development


--001a1135ad283de7220518f6a074--