1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1Xa9vw-00068c-EX
for bitcoin-development@lists.sourceforge.net;
Fri, 03 Oct 2014 20:58:36 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.218.54 as permitted sender)
client-ip=209.85.218.54; envelope-from=mh.in.england@gmail.com;
helo=mail-oi0-f54.google.com;
Received: from mail-oi0-f54.google.com ([209.85.218.54])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Xa9vu-0001VC-JG
for bitcoin-development@lists.sourceforge.net;
Fri, 03 Oct 2014 20:58:36 +0000
Received: by mail-oi0-f54.google.com with SMTP id v63so1355108oia.13
for <bitcoin-development@lists.sourceforge.net>;
Fri, 03 Oct 2014 13:58:29 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.60.94.167 with SMTP id dd7mr10131970oeb.4.1412369909060;
Fri, 03 Oct 2014 13:58:29 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.76.69.135 with HTTP; Fri, 3 Oct 2014 13:58:28 -0700 (PDT)
In-Reply-To: <201410031750.27323.luke@dashjr.org>
References: <20141001130826.GM28710@savin.petertodd.org>
<CABbpET8_FMCcnh0dELnHsYmF+YP05Gz=nZ3SPkLZuqXYV3JUpQ@mail.gmail.com>
<1987325.zKPNeYyO8K@crushinator>
<201410031750.27323.luke@dashjr.org>
Date: Fri, 3 Oct 2014 22:58:28 +0200
X-Google-Sender-Auth: tBwvZR-cfhD8Lyipp0G01HkjZiw
Message-ID: <CANEZrP1eGi-AHgciQiKUuUB7WwqKsMOyTjCQAAO=RWEkPC2Uiw@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Luke Dashjr <luke@dashjr.org>
Content-Type: multipart/alternative; boundary=089e01183cbab8f95605048afec1
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Xa9vu-0001VC-JG
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
Flavien Charlon <flavien.charlon@coinprism.com>
Subject: Re: [Bitcoin-development] [BIP draft] CHECKLOCKTIMEVERIFY - Prevent
a txout from being spent until an expiration time
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 03 Oct 2014 20:58:37 -0000
--089e01183cbab8f95605048afec1
Content-Type: text/plain; charset=UTF-8
Alright. It seems there's no real disagreement about how the opcode
behaves. Perhaps a time limit would be appropriate to stop people creating
outputs locked for 100 years .... is bitcoin even likely to exist in 100
years? The entire history of computing is not even that old, seems hard to
imagine that it'd be good for anything beyond wasting space in the
database. But this is a minor point.
So I guess it's time to start the deployment discussion.
Bitcoin is a consensus system. It works best when everyone is following
exactly the same rules at the same time. A soft fork works against this
principle by allowing nodes to think they're following the majority
ruleset, even if they aren't, effectively downgrading them to something a
bit like SPV security without them realising.
A hard fork has multiple desirable properties. Most importantly, it means a
node can detect it's no longer in the consensus because it'll find its own
chain height has diverged significantly from its peers. Core already has
code that knows how to detect this condition and log errors about it as
well as running the alertnotify script i.e. emailing the admin. Ideally it
would also stop serving work so miners shut down or fail over, but this is
easily added to the CheckForkWarningConditions() function.
In other words, this gives the cleanest failure we can give, such that any
procedures a node operator has put in place to alert them of divergence
will be triggered. Any code which is waiting for confirmations will wait
forever at this point, thus minimising the risk of loss.
Additionally, forcing old peers to fall behind means SPV clients will pick
the right chain, and not end up downloading transactions or blocks that are
about to be doomed at the next re-org. They can easily choose to ignore
transactions relayed by peers that are too far behind and thus not end up
accepting transactions that are no longer valid according to the majority
(a scenario which can cause monetary loss).
I don't think hard forks should be scary. Mechanisms are in place to warn
people and they can be scheduled with plenty of time in advance. The main
stated justification for a soft fork is backwards compatibility, but in a
system like Bitcoin you really don't want to be running behind the
consensus and it's hard to imagine any node operator deliberately choosing
to stay on the wrong side of the fork. It's not like other software where
people can choose to skip an upgrade and things still work just like before.
--089e01183cbab8f95605048afec1
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra">Alright. It seems there's n=
o real disagreement about how the opcode behaves. Perhaps a time limit woul=
d be appropriate to stop people creating outputs locked for 100 years .... =
is bitcoin even likely to exist in 100 years? The entire history of computi=
ng is not even that old, seems hard to imagine that it'd be good for an=
ything beyond wasting space in the database. But this is a minor point.</di=
v><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">So I gues=
s it's time to start the deployment discussion.</div><div class=3D"gmai=
l_extra"><br></div><div class=3D"gmail_extra">Bitcoin is a consensus system=
. It works best when everyone is following exactly the same rules at the sa=
me time. A soft fork works against this principle by allowing nodes to thin=
k they're following the majority ruleset, even if they aren't, effe=
ctively downgrading them to something a bit like SPV security without them =
realising.</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_ex=
tra">A hard fork has multiple desirable properties. Most importantly, it me=
ans a node can detect it's no longer in the consensus because it'll=
find its own chain height has diverged significantly from its peers. Core =
already has code that knows how to detect this condition and log errors abo=
ut it as well as running the alertnotify script i.e. emailing the admin. Id=
eally it would also stop serving work so miners shut down or fail over, but=
this is easily added to the CheckForkWarningConditions() function.</div><d=
iv class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">In other word=
s, this gives the cleanest failure we can give, such that any procedures a =
node operator has put in place to alert them of divergence will be triggere=
d.=C2=A0 Any code which is waiting for confirmations will wait forever at t=
his point, thus minimising the risk of loss.</div><div class=3D"gmail_extra=
"><br></div><div class=3D"gmail_extra">Additionally, forcing old peers to f=
all behind means SPV clients will pick the right chain, and not end up down=
loading transactions or blocks that are about to be doomed at the next re-o=
rg. They can easily choose to ignore transactions relayed by peers that are=
too far behind and thus not end up accepting transactions that are no long=
er valid according to the majority (a scenario which can cause monetary los=
s).</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">I =
don't think hard forks should be scary. Mechanisms are in place to warn=
people and they can be scheduled with plenty of time in advance. The main =
stated justification for a soft fork is backwards compatibility, but in a s=
ystem like Bitcoin you really don't want to be running behind the conse=
nsus and it's hard to imagine any node operator deliberately choosing t=
o stay on the wrong side of the fork. It's not like other software wher=
e people can choose to skip an upgrade and things still work just like befo=
re.</div></div>
--089e01183cbab8f95605048afec1--
|