MIME-Version: 1.0
In-Reply-To: <20150219085604.GT14804@nl.grid.coop>
References: <20150212064719.GA6563@savin.petertodd.org>
	<CANEZrP2uVT_UqJbzyQcEbiS78T68Jj2cH7OGXv5QtYiCwArDdA@mail.gmail.com>
	<CAJHLa0PkzG44JpuQoHVLUU8SR55LaJf5AwG=a7AjK2u7TAveOQ@mail.gmail.com>
	<20150215212512.GR14804@nl.grid.coop> <54E11248.6090401@gmail.com>
	<20150219085604.GT14804@nl.grid.coop>
Date: Sat, 21 Feb 2015 20:09:50 +0100
Message-ID: <CABm2gDorEFNzzHH2bxpo6miv1H0RUhL9uAYX6gg2aW0wB1QDbw@mail.gmail.com>
From: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= <jtimon@jtimon.cc>
To: Troy Benjegerdes <hozer@hozed.org>
Content-Type: text/plain; charset=UTF-8
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4
Precedence: list

I agree "scorched hearth" is a really bad name for the 0 conf protocol
based on game theory. I would have preferred "stag hunt" since that's
basically what it's using (see http://en.wikipedia.org/wiki/Stag_hunt)
but I like the protocol and I think it would be interesting to
integrate it in the  payment protocol.
Even if that protocol didn't existed or didn't worked, replace-by-fee
is purely part of a node's policy, not part of consensus.
From the whitepaper, 0 conf transactions being secure by the good will
of miners was never an assumption, and it is clear to me that the
system cannot provide those guaranties based on such a weak scheme. I
believe thinking otherwise is naive.
As to consider non-standard policies "an attack to bitcoin" because
"that's not how bitcoin used to work", then I guess minimum relay fee
policies can also be considered "an attack to bitcoin" on the same
grounds.
Lastly, "first-seen-wins" was just a simple policy to bootstrap the
system, but I expect that most nodes will eventually move to policies
that are economically rational for miners such as replace-by-fee.
Not only I disagree this will be "the end of bitcoin" or "will push
the price of the btc miners are mining down", I believe it will be
something good for bitcoin.
Since this is apparently controversial I don't want to push for
replace-by-fee to become the new standard policy (something that would
make sense to me). But once the policy code is sufficiently modular as
to support several policies I would like bitcoin core to have a
CReplaceByFeePolicy alongside CStandardPolicy and a CNullPolicy (no
policy checks at all).
One step at a time I guess...


On Thu, Feb 19, 2015 at 9:56 AM, Troy Benjegerdes <hozer@hozed.org> wrote:
> On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote:
>>
>>
>> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote:
>> >
>> > Most money/payment systems include some method to reverse or undo
>> > payments made in error. In these systems, the longer settlement
>> > times you mention below are a feature, not a bug, and give more
>> > time for a human to react to errors and system failures.
>> >
>>
>> Settlement has to be final somewhere. That is the whole point of it.
>> Transfer costs in current electronic payment systems are a direct
>> consequence of their non-finality. That's the point Satoshi was making
>> in the introduction to the whitepaper: "With the possibility of
>> reversal, the need for trust spreads".
>
> The problem with that statement is I trust a merchant that I went into
> a store and made a payment with personally more than I trust the firmware
> on my hard drive [1].
>
> The attack surface of devices in your computer is huge. A motivated attacker
> just needs to get an intern into a company that makes some kind of component
> or system that's in your computer, cloud server, hardware wallet, or what
> have you that has firmware capable of reading your private keys.
>
> With the possibility of mass trojaned hardware, if we are going to trust
> the system, it must somehow allow reversal through a human-in-the-loop.
>
>> There is nothing wrong with having reversible mechanisms built on top
>> of Bitcoin, and indeed it makes sense for most activity to happen at
>> those higher layers. It's easy to build things that way, but
>> impossible to build them the other way: you can't build a
>> non-reversible layer on top of a reversible layer.
>
> We built 'reliable' TCP on top of unreliable ethernet networks. My experience
> with networking was if you tried to guarantee message delivery at the lowest
> level, the system got exceedingly complicated, expensive, and brittle.
>
> Most applications, in particular paying someone you already trust, are quite
> happy running on reversible systems, and in some cases more reliable and
> lower risk. (carrying non-reversible cash is generally considered risky)
>
> The problem is that if the base currency is assumed to be non-reversible,
> then it's brittle and becomes 'too big to fail'.
>
> Where the blockchain improves on everything else is in transparency. If you
> reverse transactions a lot, it will be obvious from an analysis. I would much
> rather deal with a known, predictable, and relatively continous transaction
> reversal rate (percentage) than have to deal with sudden failures where
> some anonymous bad actor makes off with a fortune.
>
> We already have zero-conf double-spend transaction reversal, why not explicitly
> extend that a little in a way that senders and receivers have a choice to
> use it, or not?
>
>
> [1] http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development