On Sun, Feb 22, 2015 at 6:29 PM, Eric Lombrozo <elombr...@gmail.com> wrote:
> As for 0-conf security, there are instances where 0-conf transactions make a
> lot of sense - i.e. paying for utilities, ISP, web hosting, or other such
> services which could be immediately shut off upon detection of a
> double-spend.

Indeed.  0-conf risk calculus must include business conditions.

Business cases such as placing an order for a physical good, making an
in-person purchase at a brick-n-mortar store, or subscriptions already
have countermeasures in place if funds go astray.  Order fulfilment
can be stopped, subscriptions cancelled, photos handed to police.

A thief wants to maximize return, which usually means either stealing
a few large amounts or many small amounts.  Double-spending against a
SatoshiDICE clone is easy to automate.  Many other purchase situations
are difficult to repeat without getting caught, or the level of effort
(cost) is greater than the payout of double-spending a small amount.
0-conf is typically only used for small amounts, where useful theft
relies on high repetition.

Purely online, mostly anonymous services like SatoshiDICE will be
easily attacked if they accept 0-conf transactions as there is little
customer/reputation relationship to leverage.  However, that
observation cannot be easily applied to most other businesses.

Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/

Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
Bitcoin-development mailing list

Reply via email to