I agree "scorched hearth" is a really bad name for the 0 conf protocol based on game theory. I would have preferred "stag hunt" since that's basically what it's using (see http://en.wikipedia.org/wiki/Stag_hunt) but I like the protocol and I think it would be interesting to integrate it in the payment protocol. Even if that protocol didn't existed or didn't worked, replace-by-fee is purely part of a node's policy, not part of consensus. >From the whitepaper, 0 conf transactions being secure by the good will of miners was never an assumption, and it is clear to me that the system cannot provide those guaranties based on such a weak scheme. I believe thinking otherwise is naive. As to consider non-standard policies "an attack to bitcoin" because "that's not how bitcoin used to work", then I guess minimum relay fee policies can also be considered "an attack to bitcoin" on the same grounds. Lastly, "first-seen-wins" was just a simple policy to bootstrap the system, but I expect that most nodes will eventually move to policies that are economically rational for miners such as replace-by-fee. Not only I disagree this will be "the end of bitcoin" or "will push the price of the btc miners are mining down", I believe it will be something good for bitcoin. Since this is apparently controversial I don't want to push for replace-by-fee to become the new standard policy (something that would make sense to me). But once the policy code is sufficiently modular as to support several policies I would like bitcoin core to have a CReplaceByFeePolicy alongside CStandardPolicy and a CNullPolicy (no policy checks at all). One step at a time I guess...
On Thu, Feb 19, 2015 at 9:56 AM, Troy Benjegerdes <ho...@hozed.org> wrote: > On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote: >> >> >> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote: >> > >> > Most money/payment systems include some method to reverse or undo >> > payments made in error. In these systems, the longer settlement >> > times you mention below are a feature, not a bug, and give more >> > time for a human to react to errors and system failures. >> > >> >> Settlement has to be final somewhere. That is the whole point of it. >> Transfer costs in current electronic payment systems are a direct >> consequence of their non-finality. That's the point Satoshi was making >> in the introduction to the whitepaper: "With the possibility of >> reversal, the need for trust spreads". > > The problem with that statement is I trust a merchant that I went into > a store and made a payment with personally more than I trust the firmware > on my hard drive [1]. > > The attack surface of devices in your computer is huge. A motivated attacker > just needs to get an intern into a company that makes some kind of component > or system that's in your computer, cloud server, hardware wallet, or what > have you that has firmware capable of reading your private keys. > > With the possibility of mass trojaned hardware, if we are going to trust > the system, it must somehow allow reversal through a human-in-the-loop. > >> There is nothing wrong with having reversible mechanisms built on top >> of Bitcoin, and indeed it makes sense for most activity to happen at >> those higher layers. It's easy to build things that way, but >> impossible to build them the other way: you can't build a >> non-reversible layer on top of a reversible layer. > > We built 'reliable' TCP on top of unreliable ethernet networks. My experience > with networking was if you tried to guarantee message delivery at the lowest > level, the system got exceedingly complicated, expensive, and brittle. > > Most applications, in particular paying someone you already trust, are quite > happy running on reversible systems, and in some cases more reliable and > lower risk. (carrying non-reversible cash is generally considered risky) > > The problem is that if the base currency is assumed to be non-reversible, > then it's brittle and becomes 'too big to fail'. > > Where the blockchain improves on everything else is in transparency. If you > reverse transactions a lot, it will be obvious from an analysis. I would much > rather deal with a known, predictable, and relatively continous transaction > reversal rate (percentage) than have to deal with sudden failures where > some anonymous bad actor makes off with a fortune. > > We already have zero-conf double-spend transaction reversal, why not > explicitly > extend that a little in a way that senders and receivers have a choice to > use it, or not? > > > [1] > http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216 > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development