Return-Path: <rusty@ozlabs.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 7624190
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sun,  1 Nov 2015 03:23:27 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from ozlabs.org (ozlabs.org [103.22.144.67])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 8801BEE
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sun,  1 Nov 2015 03:23:26 +0000 (UTC)
Received: by ozlabs.org (Postfix, from userid 1011)
	id 61AB1140778; Sun,  1 Nov 2015 14:23:23 +1100 (AEDT)
From: Rusty Russell <rusty@rustcorp.com.au>
To: Gavin Andresen <gavinandresen@gmail.com>,
	Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
In-Reply-To: <CABsx9T0Evf3B_NtmdKxc_M1xRQh-jSC4JzTHCx8Ez9RzCypvMg@mail.gmail.com>
References: <CABsx9T0Evf3B_NtmdKxc_M1xRQh-jSC4JzTHCx8Ez9RzCypvMg@mail.gmail.com>
User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1
	(x86_64-pc-linux-gnu)
Date: Sat, 31 Oct 2015 14:13:13 +1030
Message-ID: <8737wrwvn2.fsf@rustcorp.com.au>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_40, DATE_IN_PAST_12_24, 
	RCVD_IN_DNSWL_MED, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Compatibility requirements for hard or soft forks
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Nov 2015 03:23:27 -0000

Gavin Andresen via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> writes:
> Should it be a requirement that ANY one-megabyte transaction that is valid
> under the existing rules also be valid under new rules?
>
> Pro:  There could be expensive-to-validate transactions created and given a
> lockTime in the future stored somewhere safe. Their owners may have no
> other way of spending the funds (they might have thrown away the private
> keys), and changing validation rules to be more strict so that those
> transactions are invalid would be an unacceptable confiscation of funds.

Not just lockTime; potentially any tx locked away in a safe.

Consider low-S enforcement: high chance a non-expert user will be unable
to spend an old transaction.  They need to compromise their privacy
and/or spend time and money.  A milder "confiscation" but a more likely
one.

By that benchmark, we should aim for "reasonable certainty".  A
transaction which would never have been generated by any known software
is the minimum bar.  Adding "...which would have to be deliberately
stupid with many redundant OP_CHECKSIG etc" surpasses it.  The only extra
safeguard I can think of is clear, widespread notification of the
change.

Cheers,
Rusty.