MIME-Version: 1.0
In-Reply-To: <CABm2gDorEFNzzHH2bxpo6miv1H0RUhL9uAYX6gg2aW0wB1QDbw@mail.gmail.com>
References: <20150212064719.GA6563@savin.petertodd.org>
	<CANEZrP2uVT_UqJbzyQcEbiS78T68Jj2cH7OGXv5QtYiCwArDdA@mail.gmail.com>
	<CAJHLa0PkzG44JpuQoHVLUU8SR55LaJf5AwG=a7AjK2u7TAveOQ@mail.gmail.com>
	<20150215212512.GR14804@nl.grid.coop> <54E11248.6090401@gmail.com>
	<20150219085604.GT14804@nl.grid.coop>
	<CABm2gDorEFNzzHH2bxpo6miv1H0RUhL9uAYX6gg2aW0wB1QDbw@mail.gmail.com>
Date: Sat, 21 Feb 2015 12:30:11 -0800
Message-ID: <CAOG=w-uJFobZtkd8OoPnOJC3uqCOwjsqyfNWJTg3j3sJQn+wXQ@mail.gmail.com>
From: Mark Friedenbach <mark@friedenbach.org>
To: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= <jtimon@jtimon.cc>
Content-Type: multipart/alternative; boundary=001a1140a87c3276b3050f9f0931
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4
Precedence: list

--001a1140a87c3276b3050f9f0931
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Thank you Jorge for the contribution of the Stag Hunt terminology. It is
much better than a politically charged "scorched earth".
On Feb 21, 2015 11:10 AM, "Jorge Tim=C3=B3n" <jtimon@jtimon.cc> wrote:

> I agree "scorched hearth" is a really bad name for the 0 conf protocol
> based on game theory. I would have preferred "stag hunt" since that's
> basically what it's using (see http://en.wikipedia.org/wiki/Stag_hunt)
> but I like the protocol and I think it would be interesting to
> integrate it in the  payment protocol.
> Even if that protocol didn't existed or didn't worked, replace-by-fee
> is purely part of a node's policy, not part of consensus.
> >From the whitepaper, 0 conf transactions being secure by the good will
> of miners was never an assumption, and it is clear to me that the
> system cannot provide those guaranties based on such a weak scheme. I
> believe thinking otherwise is naive.
> As to consider non-standard policies "an attack to bitcoin" because
> "that's not how bitcoin used to work", then I guess minimum relay fee
> policies can also be considered "an attack to bitcoin" on the same
> grounds.
> Lastly, "first-seen-wins" was just a simple policy to bootstrap the
> system, but I expect that most nodes will eventually move to policies
> that are economically rational for miners such as replace-by-fee.
> Not only I disagree this will be "the end of bitcoin" or "will push
> the price of the btc miners are mining down", I believe it will be
> something good for bitcoin.
> Since this is apparently controversial I don't want to push for
> replace-by-fee to become the new standard policy (something that would
> make sense to me). But once the policy code is sufficiently modular as
> to support several policies I would like bitcoin core to have a
> CReplaceByFeePolicy alongside CStandardPolicy and a CNullPolicy (no
> policy checks at all).
> One step at a time I guess...
>
>
> On Thu, Feb 19, 2015 at 9:56 AM, Troy Benjegerdes <hozer@hozed.org> wrote=
:
> > On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote:
> >>
> >>
> >> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote:
> >> >
> >> > Most money/payment systems include some method to reverse or undo
> >> > payments made in error. In these systems, the longer settlement
> >> > times you mention below are a feature, not a bug, and give more
> >> > time for a human to react to errors and system failures.
> >> >
> >>
> >> Settlement has to be final somewhere. That is the whole point of it.
> >> Transfer costs in current electronic payment systems are a direct
> >> consequence of their non-finality. That's the point Satoshi was making
> >> in the introduction to the whitepaper: "With the possibility of
> >> reversal, the need for trust spreads".
> >
> > The problem with that statement is I trust a merchant that I went into
> > a store and made a payment with personally more than I trust the firmwa=
re
> > on my hard drive [1].
> >
> > The attack surface of devices in your computer is huge. A motivated
> attacker
> > just needs to get an intern into a company that makes some kind of
> component
> > or system that's in your computer, cloud server, hardware wallet, or wh=
at
> > have you that has firmware capable of reading your private keys.
> >
> > With the possibility of mass trojaned hardware, if we are going to trus=
t
> > the system, it must somehow allow reversal through a human-in-the-loop.
> >
> >> There is nothing wrong with having reversible mechanisms built on top
> >> of Bitcoin, and indeed it makes sense for most activity to happen at
> >> those higher layers. It's easy to build things that way, but
> >> impossible to build them the other way: you can't build a
> >> non-reversible layer on top of a reversible layer.
> >
> > We built 'reliable' TCP on top of unreliable ethernet networks. My
> experience
> > with networking was if you tried to guarantee message delivery at the
> lowest
> > level, the system got exceedingly complicated, expensive, and brittle.
> >
> > Most applications, in particular paying someone you already trust, are
> quite
> > happy running on reversible systems, and in some cases more reliable an=
d
> > lower risk. (carrying non-reversible cash is generally considered risky=
)
> >
> > The problem is that if the base currency is assumed to be non-reversibl=
e,
> > then it's brittle and becomes 'too big to fail'.
> >
> > Where the blockchain improves on everything else is in transparency. If
> you
> > reverse transactions a lot, it will be obvious from an analysis. I woul=
d
> much
> > rather deal with a known, predictable, and relatively continous
> transaction
> > reversal rate (percentage) than have to deal with sudden failures where
> > some anonymous bad actor makes off with a fortune.
> >
> > We already have zero-conf double-spend transaction reversal, why not
> explicitly
> > extend that a little in a way that senders and receivers have a choice =
to
> > use it, or not?
> >
> >
> > [1]
> http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1Q=
V20150216
> >
> >
> -------------------------------------------------------------------------=
-----
> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> > from Actuate! Instantly Supercharge Your Business Reports and Dashboard=
s
> > with Interactivity, Sharing, Native Excel Exports, App Integration & mo=
re
> > Get technology previously reserved for billion-dollar corporations, FRE=
E
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=3D190641631&iu=3D/4140/ostg=
.clktrk
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
> -------------------------------------------------------------------------=
-----
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
>
> http://pubads.g.doubleclick.net/gampad/clk?id=3D190641631&iu=3D/4140/ostg=
.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

--001a1140a87c3276b3050f9f0931
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">Thank you Jorge for the contribution of the Stag Hunt termin=
ology. It is much better than a politically charged &quot;scorched earth&qu=
ot;.</p>
<div class=3D"gmail_quote">On Feb 21, 2015 11:10 AM, &quot;Jorge Tim=C3=B3n=
&quot; &lt;jtimon@jtimon.cc&gt; wrote:<br type=3D"attribution"><blockquote =
class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid=
;padding-left:1ex">I agree &quot;scorched hearth&quot; is a really bad name=
 for the 0 conf protocol<br>
based on game theory. I would have preferred &quot;stag hunt&quot; since th=
at&#39;s<br>
basically what it&#39;s using (see <a href=3D"http://en.wikipedia.org/wiki/=
Stag_hunt" target=3D"_blank">http://en.wikipedia.org/wiki/Stag_hunt</a>)<br=
>
but I like the protocol and I think it would be interesting to<br>
integrate it in the=C2=A0 payment protocol.<br>
Even if that protocol didn&#39;t existed or didn&#39;t worked, replace-by-f=
ee<br>
is purely part of a node&#39;s policy, not part of consensus.<br>
&gt;From the whitepaper, 0 conf transactions being secure by the good will<=
br>
of miners was never an assumption, and it is clear to me that the<br>
system cannot provide those guaranties based on such a weak scheme. I<br>
believe thinking otherwise is naive.<br>
As to consider non-standard policies &quot;an attack to bitcoin&quot; becau=
se<br>
&quot;that&#39;s not how bitcoin used to work&quot;, then I guess minimum r=
elay fee<br>
policies can also be considered &quot;an attack to bitcoin&quot; on the sam=
e<br>
grounds.<br>
Lastly, &quot;first-seen-wins&quot; was just a simple policy to bootstrap t=
he<br>
system, but I expect that most nodes will eventually move to policies<br>
that are economically rational for miners such as replace-by-fee.<br>
Not only I disagree this will be &quot;the end of bitcoin&quot; or &quot;wi=
ll push<br>
the price of the btc miners are mining down&quot;, I believe it will be<br>
something good for bitcoin.<br>
Since this is apparently controversial I don&#39;t want to push for<br>
replace-by-fee to become the new standard policy (something that would<br>
make sense to me). But once the policy code is sufficiently modular as<br>
to support several policies I would like bitcoin core to have a<br>
CReplaceByFeePolicy alongside CStandardPolicy and a CNullPolicy (no<br>
policy checks at all).<br>
One step at a time I guess...<br>
<br>
<br>
On Thu, Feb 19, 2015 at 9:56 AM, Troy Benjegerdes &lt;<a href=3D"mailto:hoz=
er@hozed.org">hozer@hozed.org</a>&gt; wrote:<br>
&gt; On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote:<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; On 02/15/2015 11:25 PM, Troy Benjegerdes wrote:<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; Most money/payment systems include some method to reverse or =
undo<br>
&gt;&gt; &gt; payments made in error. In these systems, the longer settleme=
nt<br>
&gt;&gt; &gt; times you mention below are a feature, not a bug, and give mo=
re<br>
&gt;&gt; &gt; time for a human to react to errors and system failures.<br>
&gt;&gt; &gt;<br>
&gt;&gt;<br>
&gt;&gt; Settlement has to be final somewhere. That is the whole point of i=
t.<br>
&gt;&gt; Transfer costs in current electronic payment systems are a direct<=
br>
&gt;&gt; consequence of their non-finality. That&#39;s the point Satoshi wa=
s making<br>
&gt;&gt; in the introduction to the whitepaper: &quot;With the possibility =
of<br>
&gt;&gt; reversal, the need for trust spreads&quot;.<br>
&gt;<br>
&gt; The problem with that statement is I trust a merchant that I went into=
<br>
&gt; a store and made a payment with personally more than I trust the firmw=
are<br>
&gt; on my hard drive [1].<br>
&gt;<br>
&gt; The attack surface of devices in your computer is huge. A motivated at=
tacker<br>
&gt; just needs to get an intern into a company that makes some kind of com=
ponent<br>
&gt; or system that&#39;s in your computer, cloud server, hardware wallet, =
or what<br>
&gt; have you that has firmware capable of reading your private keys.<br>
&gt;<br>
&gt; With the possibility of mass trojaned hardware, if we are going to tru=
st<br>
&gt; the system, it must somehow allow reversal through a human-in-the-loop=
.<br>
&gt;<br>
&gt;&gt; There is nothing wrong with having reversible mechanisms built on =
top<br>
&gt;&gt; of Bitcoin, and indeed it makes sense for most activity to happen =
at<br>
&gt;&gt; those higher layers. It&#39;s easy to build things that way, but<b=
r>
&gt;&gt; impossible to build them the other way: you can&#39;t build a<br>
&gt;&gt; non-reversible layer on top of a reversible layer.<br>
&gt;<br>
&gt; We built &#39;reliable&#39; TCP on top of unreliable ethernet networks=
. My experience<br>
&gt; with networking was if you tried to guarantee message delivery at the =
lowest<br>
&gt; level, the system got exceedingly complicated, expensive, and brittle.=
<br>
&gt;<br>
&gt; Most applications, in particular paying someone you already trust, are=
 quite<br>
&gt; happy running on reversible systems, and in some cases more reliable a=
nd<br>
&gt; lower risk. (carrying non-reversible cash is generally considered risk=
y)<br>
&gt;<br>
&gt; The problem is that if the base currency is assumed to be non-reversib=
le,<br>
&gt; then it&#39;s brittle and becomes &#39;too big to fail&#39;.<br>
&gt;<br>
&gt; Where the blockchain improves on everything else is in transparency. I=
f you<br>
&gt; reverse transactions a lot, it will be obvious from an analysis. I wou=
ld much<br>
&gt; rather deal with a known, predictable, and relatively continous transa=
ction<br>
&gt; reversal rate (percentage) than have to deal with sudden failures wher=
e<br>
&gt; some anonymous bad actor makes off with a fortune.<br>
&gt;<br>
&gt; We already have zero-conf double-spend transaction reversal, why not e=
xplicitly<br>
&gt; extend that a little in a way that senders and receivers have a choice=
 to<br>
&gt; use it, or not?<br>
&gt;<br>
&gt;<br>
&gt; [1] <a href=3D"http://www.reuters.com/article/2015/02/16/us-usa-cybers=
pying-idUSKBN0LK1QV20150216" target=3D"_blank">http://www.reuters.com/artic=
le/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216</a><br>
&gt;<br>
&gt; ----------------------------------------------------------------------=
--------<br>
&gt; Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server<br>
&gt; from Actuate! Instantly Supercharge Your Business Reports and Dashboar=
ds<br>
&gt; with Interactivity, Sharing, Native Excel Exports, App Integration &am=
p; more<br>
&gt; Get technology previously reserved for billion-dollar corporations, FR=
EE<br>
&gt; <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D190641631&a=
mp;iu=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.ne=
t/gampad/clk?id=3D190641631&amp;iu=3D/4140/ostg.clktrk</a><br>
&gt; _______________________________________________<br>
&gt; Bitcoin-development mailing list<br>
&gt; <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-d=
evelopment@lists.sourceforge.net</a><br>
&gt; <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo=
pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco=
in-development</a><br>
<br>
---------------------------------------------------------------------------=
---<br>
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server<br>
from Actuate! Instantly Supercharge Your Business Reports and Dashboards<br=
>
with Interactivity, Sharing, Native Excel Exports, App Integration &amp; mo=
re<br>
Get technology previously reserved for billion-dollar corporations, FREE<br=
>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D190641631&amp;iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D190641631&amp;iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div>

--001a1140a87c3276b3050f9f0931--