Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id BCAF2870; Tue, 4 Dec 2018 03:34:06 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ozlabs.org (ozlabs.org [203.11.71.1]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 7A26D826; Tue, 4 Dec 2018 03:34:05 +0000 (UTC) Received: by ozlabs.org (Postfix, from userid 1011) id 4386sl3zT5z9s7W; Tue, 4 Dec 2018 14:34:03 +1100 (AEDT) From: Rusty Russell To: Matt Corallo , bitcoin-dev@lists.linuxfoundation.org In-Reply-To: References: Date: Tue, 04 Dec 2018 14:03:53 +1030 Message-ID: <878t163qzi.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 04 Dec 2018 08:31:53 +0000 Cc: lightning-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] [Lightning-dev] CPFP Carve-Out for Fee-Prediction Issues in Contracting Applications (eg Lightning) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Dec 2018 03:34:06 -0000 Matt Corallo writes: > As an alternative proposal, at various points there have been > discussions around solving the "RBF-pinning" problem by allowing > transactors to mark their transactions as "likely-to-be-RBF'ed", which > could enable a relay policy where children of such transactions would be > rejected unless the resulting package would be "near the top of the > mempool". This would theoretically imply such attacks are not possible > to pull off consistently, as any "transaction-delaying" channel > participant will have to place the package containing A at an effective > feerate which makes confirmation to occur soon with some likelihood. It > is, however, possible to pull off this attack with low probability in > case of feerate spikes right after broadcast. I like this idea. Firstly, it's incentive-compatible[1]: assuming blocks are full, miners should always take a higher feerate tx if that tx would be in the current block and the replaced txs would not.[2] Secondly, it reduces the problem that the current lightning proposal adds to the UTXO set with two anyone-can-spend txs for 1000 satoshis, which might be too small to cleanup later. This rule would allow a simple single P2WSH(OP_TRUE) output, or, with IsStandard changed, a literal OP_TRUE. > Note that this clearly relies on some form of package relay, which comes > with its own challenges, but I'll start a separate thread on that. Could be done client-side, right? Do a quick check if this is above 250 satoshi per kweight but below minrelayfee, put it in a side-cache with a 60 second timeout sweep. If something comes in which depends on it which is above minrelayfee, then process them as a pair[3]. Cheers, Rusty. [1] Miners have generally been happy with Defaults Which Are Good For The Network, but I feel a long term development aim should to be reduce such cases to smaller and smaller corners. [2] The actual condition is subtler, but this is a clear subset AFAICT. [3] For Lightning, we don't care about child-pays-for-grandparent etc.