Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 5E15E268 for ; Fri, 6 Nov 2015 08:05:25 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qg0-f68.google.com (mail-qg0-f68.google.com [209.85.192.68]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id CA5CCFD for ; Fri, 6 Nov 2015 08:05:24 +0000 (UTC) Received: by qgep3 with SMTP id p3so10082192qge.3 for ; Fri, 06 Nov 2015 00:05:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=OlkpA/M5W+fqkrfqlXH3lt9Aq1E7m8sfb+ogYQhG3+0=; b=cdX7OD2MhruHqrMv3MHaX/HJOTGc7Ocai037AW+Zy/6Nc453LF1hLjRrykzBQVsK9x aWm9sXyUY5QkBE2Iex1vFwGQf59MQ0PNK9sl0FB0KFdfAY5uwQeT2SSLVVKphmSx4tlN 0sJJexHVxvaBhuz/u2fA/iyK28i93DZ8kvHJhJvtzb2hgNB6w5BTFq3jNy5gbV2FZnsn NVBbBOX69ygMa/3iWfKWVG9XdFIN/J5gug28XiRjWMfO24odGgreN2+v1UyVMANDP4o+ 7yNUq4vjOpP7JJy+dp8rwyk4Kz5JRx7Bu0RegHvdqAuXU/bnuMKy3Ard/p/WcdyGvkl/ +ZZA== MIME-Version: 1.0 X-Received: by 10.140.31.38 with SMTP id e35mr11807978qge.22.1446797123931; Fri, 06 Nov 2015 00:05:23 -0800 (PST) Sender: nbvfour@gmail.com Received: by 10.140.32.118 with HTTP; Fri, 6 Nov 2015 00:05:23 -0800 (PST) In-Reply-To: <563BE746.5030406@voskuil.org> References: <563BE746.5030406@voskuil.org> Date: Fri, 6 Nov 2015 00:05:23 -0800 X-Google-Sender-Auth: GutLT8b0AWDKRCAcivAJ-vOb3N8 Message-ID: From: Chris Priest To: Eric Voskuil Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 06 Nov 2015 11:11:58 +0000 Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] summarising security assumptions (re cost metrics) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Nov 2015 08:05:25 -0000 On 11/5/15, Eric Voskuil via bitcoin-dev wrote: > On 11/05/2015 03:03 PM, Adam Back via bitcoin-dev wrote: >> ... >> Validators: Economically dependent full nodes are an important part of >> Bitcoin's security model because they assure Bitcoin security by >> enforcing consensus rules. While full nodes do not have orphan >> risk, we also dont want maliciously crafted blocks with pathological >> validation cost to erode security by knocking reasonable spec full >> nodes off the network on CPU (or bandwidth grounds). >> ... >> Validators vs Miner decentralisation balance: >> >> There is a tradeoff where we can tolerate weak miner decentralisation >> if we can rely on good validator decentralisation or vice versa. But >> both being weak is risky. Currently given mining centralisation >> itself is weak, that makes validator decentralisation a critical >> remaining defence - ie security depends more on validator >> decentralisation than it would if mining decentralisation was in a >> better shape. > > This side of the security model seems underappreciated, if not poorly > understood. Weakening is not just occurring because of the proliferation > of non-validating wallet software and centralized (web) wallets, but > also centralized Bitcoin APIs. > > Over time developers tend to settle on a couple of API providers for a > given problem. Bing and Google for search and mapping, for example. All > applications and users of them, depending on an API service, reduce to a > single validator. Imagine most Bitcoin applications built on the > equivalent of Bing and Google. > > e > > I disagree. I think blockchain APIs are a good thing for decentralization. There aren't just 3 or 4 blockexplorer APIs out there, there are dozens. Each API returns essentially the same data, so they are all interchangeable. Take a look at this python package: https://github.com/priestc/moneywagon