Re: [bitcoin-dev] Thoughts on fee bumping

[Antoine Riard via bitcoin-dev]

> In the context of fee bumping, I don't see how this is a criticism
> unique to transaction sponsors, since it also applies to CPFP: if you
> tried to bump fees for transaction A with child txn B, if some mempool
> hasn't seen parent A, it will reject B.

Agree, it's a comment raising the shenanigans of tx-diff-only propagation,
afaict affecting equally all fee-bumping primitives. It wasn't a criticism
specific to transaction sponsors, as at that point of your post, sponsors
are not introduced yet.

> This still doesn't address the issue I'm talking about, which is if you
> pre-commit to some "fee-bumping" key in your CPFP outputs and that key
> ends up being compromised. This isn't a matter of data availability or
> redundancy.

I'm not sure about the real safety risk of the compromise of the anchor
output key. Of course, if your anchor output key is compromised and the
bumped package is already public/known, an attacker can extend your package
with junk to neutralize your carve-out capability (I think). That said,
this issue sounds solved to me with package relay, as you can always
broadcast a new version of the package from the root UTXO, without
attention to the carve-out limitation.

(Side-note: I think we can slowly deprecate the carve-out once package
relay is deployed, as the fee-bumping flexibility of the latter is a
superset of the former).

> As I mentioned in the reply to Matt's message, I'm not quite
> understanding this idea of wanting to bump the fee for something
> without knowing what it is; that doesn't make much sense to me.
> The "bump fee" operation seems contingent on knowing
> what you want to bump.

>From your post : "No rebroadcast (wasted bandwidth) is required for the
original txn data."

I'm objecting to that supposed benefit of a transaction sponsor. If you
have transaction X and transaction Y spending the same UTXO, both of them
can be defined as "the original txn data". If you wish to fee-bump
transaction X with sponsor, how can you be sure that transaction
Y isn't present in the majority of network nodes, and X has _not_ been
dropped since your last broadcast ? Otherwise iirc sponsor design, your
sponsor transaction is going to be rejected.

I think you can't, and thus preventively you should broadcast as a (new
type) of package the sponsoring/sponsored transaction.

That said, I'm not sure if that issue is equally affecting vaults than
payment channels. With vaults, the tree of transactions is  known ahead,
and there is no competition in the spends. Assuming the first broadcast has
been efficient (and it could be a reasonable assumption thanks to mempool
rebroadcast), the sponsor should propagate.

So I think here for the sake of sponsor efficiency analysis, we might have
to class between the protocol with once-for-all-transaction-negotiation
(vaults) and the ones with off-chain, dynamic re-negotiation (payment
channels, factories) ?

> I'm not familiar with the L2 dust-limit issues, and I do think that
> "fixing" RBF behavior is *probably* worthwhile.

Sadly, it sounds that "fixing" RBF behavior is a requirement to eradicate
the most advanced pinnings... That fix is independent of the fee-bumping
primitive considered.

>  Those issues aside, I
> think the transaction sponsors idea may be closer to a silver bullet
> than you're giving it credit for, because designing specifically for the
> fee-management use case has some big benefits.

I don't deny the scheme is interesting, though I would argue SIGHASH_GROUP
is more efficient, while offering more flexibility. In any case, I think we
should still pursue further the collections of problems and requirements
(batching, key management, ...) that new fee-bumping primitives should aim
to solve, before engaging more on the deployment of one of them [0].

[0] In that sense see
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/019031.html

Le lun. 14 févr. 2022 à 15:29, James O'Beirne  a
écrit :

> Thanks for your thoughtful reply Antoine.
>
> > In a distributed system such as the Bitcoin p2p network, you might
> > have transaction A and transaction B  broadcast at the same time and
> > your peer topology might fluctuate between original send and
> > broadcast of the diff, you don't know who's seen what... You might
> > inefficiently announce diff A on top of B and diff B on top A. We
> > might leverage set reconciliation there a la Erlay, though likely
> > with increased round-trips.
>
> In the context of fee bumping, I don't see how this is a criticism
> unique to transaction sponsors, since it also applies to CPFP: if you
> tried to bump fees for transaction A with child txn B, if some mempool
> hasn't seen parent A, it will reject B.
>
> > Have you heard about SIGHASH_GROUP [0] ?
>
> I haven't - I'll spend some time reviewing this. Thanks.
>
> > > [me complaining CPFP requires lock-in to keys]
> >
> > It's true it requires to pre-specify the fee-bumping key. Though note
> > the fee-bumping key can be fully 

Re: [bitcoin-dev] Thoughts on fee bumping

[James O'Beirne via bitcoin-dev]

Thanks for your thoughtful reply Antoine.

> In a distributed system such as the Bitcoin p2p network, you might
> have transaction A and transaction B  broadcast at the same time and
> your peer topology might fluctuate between original send and
> broadcast of the diff, you don't know who's seen what... You might
> inefficiently announce diff A on top of B and diff B on top A. We
> might leverage set reconciliation there a la Erlay, though likely
> with increased round-trips.

In the context of fee bumping, I don't see how this is a criticism
unique to transaction sponsors, since it also applies to CPFP: if you
tried to bump fees for transaction A with child txn B, if some mempool
hasn't seen parent A, it will reject B.

> Have you heard about SIGHASH_GROUP [0] ?

I haven't - I'll spend some time reviewing this. Thanks.

> > [me complaining CPFP requires lock-in to keys]
>
> It's true it requires to pre-specify the fee-bumping key. Though note
> the fee-bumping key can be fully separated from the
> "vaults"/"channels" set of main keys and hosted on replicated
> infrastructure such as watchtowers.

This still doesn't address the issue I'm talking about, which is if you
pre-commit to some "fee-bumping" key in your CPFP outputs and that key
ends up being compromised. This isn't a matter of data availability or
redundancy.

Note that this failure may be unique to vault use cases, when you're
pre-generating potentially large numbers of transactions or covenants
that cannot be altered after the fact. If you generate vault txns that
assume the use of some key for CPFP-based fee bumping and that key
winds up being compromised, that puts you in a an uncomfortable
situation: you can no longer bump fees on unvaulting transactions,
rendering the vaults possibly unretrievable depending on the fee market.

> As a L2 transaction issuer you can't be sure the transaction you wish
> to point to is already in the mempool, or have not been replaced by
> your counterparty spending the same shared-utxo, either competitively
> or maliciously. So as a measure of caution, you should broadcast
> sponsor + target transactions in the same package, thus cancelling
> the bandwidth saving (I think).

As I mentioned in the reply to Matt's message, I'm not quite
understanding this idea of wanting to bump the fee for something
without knowing what it is; that doesn't make much sense to me.
The "bump fee" operation seems contingent on knowing
what you want to bump.

And if you're, say, trying to broadcast a lightning channel close and
you know you need to bump the fee right away, before even broadcasting
it, either you're going to

- reformulate the txn to bring up the fee rate (e.g. add inputs
  with some yet-undeployed sighash) as you would have done with RBF, or

- you'd have the same "package relay" problem with CPFP that you
  would with transaction sponsors.

So I don't understand the objection here.

Also, I didn't mean to discourage existing work on package relay or
fixing RBF, which seem clearly important. Maybe I should have noted
that explicitly in the original message

> I don't think a sponsor is a silver-bullet to solve all the
> L2-related mempool issues. It won't solve the most concerning pinning
> attacks, as I think the bottleneck is replace-by-fee. Neither solve
> the issues encumbered by the L2s by the dust limit.

I'm not familiar with the L2 dust-limit issues, and I do think that
"fixing" RBF behavior is *probably* worthwhile. Those issues aside, I
think the transaction sponsors idea may be closer to a silver bullet
than you're giving it credit for, because designing specifically for the
fee-management use case has some big benefits.

For one, it makes migration easier. That is to say: there is none,
whereas there is existing RBF policy that needs consideration.

But maybe more importantly, transaction sponsors' limited use case also
allows for specifying much more targeted "replacement" policy since
sponsors are special-purpose transactions that only exist to
dynamically bump feerate. E.g. my SIGHASH_{NONE,SINGLE}|ANYONECANPAY
proposal might make complete sense for the sponsors/fee-management use
case, and clarify the replacement problem, but obviously wouldn't work
for more general transaction replacement. In other words, RBF's
general nature might make it a much harder problem to solve well.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Thoughts on fee bumping

[James O'Beirne via bitcoin-dev]

> This entirely misses the network cost. Yes, sure, we can send
> "diffs", but if you send enough diffs eventually you send a lot of data.

The whole point of that section of the email was to consider the
network cost. There are many cases for which transmitting a
supplementary 1-in-1-out transaction (i.e. a sponsorship txn) is going
to be more efficient from a bandwidth standpoint than rebroadcasting a
potentially large txn during RBF.

> > In an ideal design, special structural foresight would not be
> > needed in order for a txn's feerate to be improved after broadcast.
> >
> > Anchor outputs specified solely for CPFP, which amount to many
> > bytes of wasted chainspace, are a hack. > It's probably
> > uncontroversial at this
>
> This has nothing to do with fee bumping, though, this is only solved
> with covenants or something in that direction, not different relay
> policy.

My post isn't only about relay policy; it's that txn
sponsors allows for fee-bumping in cases where RBF isn't possible and
CPFP would be wasteful, e.g. for a tree of precomputed vault
transactions or - maybe more generally - certain kinds of
covenants.

> How does this not also fail your above criteria of not wasting block
> space?

In certain cases (e.g. vault structures), using sponsorship txns to
bump fees as-needed is more blockspace-efficient than including
mostly-unused CPFP "anchor" outputs that pay to fee-management wallets.
I'm betting there are other similar cases where CPFP anchors are
included but not necessarily used, and amount to wasted blockspace.

> Further, this doesn't solve pinning attacks at all. In lightning we
> want to be able to *replace* something in the mempool (or see it
> confirm soon, but that assumes we know exactly what transaction is in
> "the" mempool). Just being able to sponsor something doesn't help if
> you don't know what that thing is.

When would you be trying to bump the fee on a transaction without
knowing what it is? Seeing a specific transaction "stuck" in the
mempool seems to be a prerequisite to bumping fees. I'm not sure what
you're getting at here.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] [Lightning-dev] Lightning and other layer 2 projects with multiple RBF policies

[Prayank via bitcoin-dev]

> That's not an argument not to do it though if you take a longer term 
> perspective on building the strongest possible foundation for Lightning or 
> other Layer 2 projects. The security benefit would just be delayed until a 
> significant majority of Bitcoin Core users upgraded to a version including 
> those new policy rules.

1.An attacker does not require significant majority for such attacks. 
2.We aren't fixing the things that are broken. We can change the policy in core 
several times and still not achieve the goal and maybe create new issues.

> A network where *all* full nodes are running the same policy rules is clearly 
> not an option available to us without making policy rules effective consensus 
> rules and forking/kicking those old versions off the network.

A network with a policy already widely used exists right now. 

> Definitely agree. It is a really interesting research area and lots of 
> opportunities for simulations and experiments on the default or custom signet 
> networks. Especially if we fill blocks with auto-generated transactions 
> and/or reduce block sizes and create an artificial fee market.

I don't think I can convince everyone to do this however it will be helpful. I 
will try a few things on regtest and share results if I find anything 
interesting.


-- 
Prayank

A3B1 E430 2298 178F



Feb 14, 2022, 22:32 by michaelfolk...@protonmail.com:

> > This is the assumption which I don't agree with and hence asked some 
> > questions in my email. A new RBF policy used by default in Core will not 
> > improve the security of projects that are vulnerable to multiple RBF 
> > policies or rely on these policies in a way that affects their security. 
>
> Right, not immediately. If and when new policy rules are included in a 
> Bitcoin Core release it would take a while before a significant majority of 
> the network were running those new policy rules (barring some kind of 
> urgency, an attacker exploiting a systemic security flaw etc). That's not an 
> argument not to do it though if you take a longer term perspective on 
> building the strongest possible foundation for Lightning or other Layer 2 
> projects. The security benefit would just be delayed until a significant 
> majority of Bitcoin Core users upgraded to a version including those new 
> policy rules.
>
> > > Bitcoin Core with different versions are used at any point and not sure 
> >if this will ever change.
>
> Sure there will always be some stray full nodes running extremely old 
> versions but the general direction of travel is more and more full nodes 
> upgrading to newer versions. A network where *all* full nodes are running the 
> same policy rules is clearly not an option available to us without making 
> policy rules effective consensus rules and forking/kicking those old versions 
> off the network.
>
> > > Maybe some experiments on signet might help in knowing more issues 
> >associated with multiple RBF policies.
>
> Definitely agree. It is a really interesting research area and lots of 
> opportunities for simulations and experiments on the default or custom signet 
> networks. Especially if we fill blocks with auto-generated transactions 
> and/or reduce block sizes and create an artificial fee market.
>
> --
> Michael Folkson
> Email: michaelfolkson at > protonmail.com > Keybase: 
> michaelfolkson
> PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
>
>
>
> --- Original Message ---
>  On Monday, February 14th, 2022 at 5:18 AM, Prayank  
> wrote:
>  
>
>> > I suspect as with defaults generally most users will run whatever the 
>> > defaults are as they won't care to change them (or even be capable of 
>> > changing them if they are very non-technical).
>>
>>
>> 30% nodes are using 0.21.1 right now whereas latest version was 22.0 and 
>> some are even running lower versions. Different versions in future with 
>> defaults might be running RBF v1 and RBF v2.
>>
>> > But users who have a stake in the security of Lightning (or other Layer 2 
>> > projects) will clearly want to run whatever policy rules are beneficial to 
>> > those protocols.
>>
>>
>> Agree and attackers will want to run the nodes with policy that helps them 
>> exploit bitcoin projects. Miners can run nodes with policy that helps them 
>> get more fees. 
>>
>> > As you know the vast majority of the full nodes on the network currently 
>> > run Bitcoin Core. Whether that will change in future and whether this a 
>> > good thing or not is a whole other discussion. But the reality is that 
>> > with such strong dominance there is the option to set defaults that are 
>> > widely used.
>>
>>
>> Bitcoin Core with different versions are used at any point and not sure if 
>> this will ever change.
>>
>> https://luke.dashjr.org/programs/bitcoin/files/charts/security.html
>>
>> https://www.shodan.io/search/facet.png?query=User-Agent%3A%2FSatoshi%2F+port%3A%228333%22=product
>>
>> > I think if certain defaults 

Re: [bitcoin-dev] [Lightning-dev] Lightning and other layer 2 projects with multiple RBF policies

[Michael Folkson via bitcoin-dev]

> This is the assumption which I don't agree with and hence asked some 
> questions in my email. A new RBF policy used by default in Core will not 
> improve the security of projects that are vulnerable to multiple RBF policies 
> or rely on these policies in a way that affects their security.

Right, not immediately. If and when new policy rules are included in a Bitcoin 
Core release it would take a while before a significant majority of the network 
were running those new policy rules (barring some kind of urgency, an attacker 
exploiting a systemic security flaw etc). That's not an argument not to do it 
though if you take a longer term perspective on building the strongest possible 
foundation for Lightning or other Layer 2 projects. The security benefit would 
just be delayed until a significant majority of Bitcoin Core users upgraded to 
a version including those new policy rules.

> Bitcoin Core with different versions are used at any point and not sure if 
> this will ever change.

Sure there will always be some stray full nodes running extremely old versions 
but the general direction of travel is more and more full nodes upgrading to 
newer versions. A network where *all* full nodes are running the same policy 
rules is clearly not an option available to us without making policy rules 
effective consensus rules and forking/kicking those old versions off the 
network.

> Maybe some experiments on signet might help in knowing more issues associated 
> with multiple RBF policies.

Definitely agree. It is a really interesting research area and lots of 
opportunities for simulations and experiments on the default or custom signet 
networks. Especially if we fill blocks with auto-generated transactions and/or 
reduce block sizes and create an artificial fee market.

--
Michael Folkson
Email: michaelfolkson at [protonmail.com](http://protonmail.com/)
Keybase: michaelfolkson
PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3

--- Original Message ---
On Monday, February 14th, 2022 at 5:18 AM, Prayank  wrote:

>> I suspect as with defaults generally most users will run whatever the 
>> defaults are as they won't care to change them (or even be capable of 
>> changing them if they are very non-technical).
>
> 30% nodes are using 0.21.1 right now whereas latest version was 22.0 and some 
> are even running lower versions. Different versions in future with defaults 
> might be running RBF v1 and RBF v2.
>
>> But users who have a stake in the security of Lightning (or other Layer 2 
>> projects) will clearly want to run whatever policy rules are beneficial to 
>> those protocols.
>
> Agree and attackers will want to run the nodes with policy that helps them 
> exploit bitcoin projects. Miners can run nodes with policy that helps them 
> get more fees.
>
>> As you know the vast majority of the full nodes on the network currently run 
>> Bitcoin Core. Whether that will change in future and whether this a good 
>> thing or not is a whole other discussion. But the reality is that with such 
>> strong dominance there is the option to set defaults that are widely used.
>
> Bitcoin Core with different versions are used at any point and not sure if 
> this will ever change.
>
> https://luke.dashjr.org/programs/bitcoin/files/charts/security.html
>
> https://www.shodan.io/search/facet.png?query=User-Agent%3A%2FSatoshi%2F+port%3A%228333%22=product
>
>> I think if certain defaults can bolster the security of Lightning (and 
>> possibly other Layer 2 projects) at no cost to full node users with no 
>> interest in those protocols we should discuss what those defaults should be.
>
> This is the assumption which I don't agree with and hence asked some 
> questions in my email. A new RBF policy used by default in Core will not 
> improve the security of projects that are vulnerable to multiple RBF policies 
> or rely on these policies in a way that affects their security.
>
> Maybe some experiments on signet might help in knowing more issues associated 
> with multiple RBF policies.
>
> --
> Prayank
>
> A3B1 E430 2298 178F
>
> Feb 13, 2022, 21:16 by michaelfolk...@protonmail.com:
>
>> Hi Prayank
>>
>>> 1.Is Lightning Network and a few other layer 2 projects vulnerable to 
>>> multiple RBF policies being used?
>>
>> Clearly the security of the Lightning Network and some other Layer 2 
>> projects are at least impacted or partly dependent on policy rules in a way 
>> that the base blockchain/network isn't. As I (and others) have said on many 
>> occasions ideally this wouldn't be the case but it is best we can do with 
>> current designs. I (and others) take the view that this is not a reason to 
>> abandon those designs in the absence of an alternative that offers a 
>> strictly superior security model. Going back to a model where *all* activity 
>> is onchain (or even in less trust minimized protocols than Lightning) 
>> doesn't seem like the right approach to me.
>>
>>> 2.With recent discussion to change things 

Re: [bitcoin-dev] [Lightning-dev] Lightning and other layer 2 projects with multiple RBF policies

[Prayank via bitcoin-dev]

> I suspect as with defaults generally most users will run whatever the 
> defaults are as they won't care to change them (or even be capable of 
> changing them if they are very non-technical).
 

30% nodes are using 0.21.1 right now whereas latest version was 22.0 and some 
are even running lower versions. Different versions in future with defaults 
might be running RBF v1 and RBF v2.
> But users who have a stake in the security of Lightning (or other Layer 2 
> projects) will clearly want to run whatever policy rules are beneficial to 
> those protocols.


Agree and attackers will want to run the nodes with policy that helps them 
exploit bitcoin projects. Miners can run nodes with policy that helps them get 
more fees. 

> As you know the vast majority of the full nodes on the network currently run 
> Bitcoin Core. Whether that will change in future and whether this a good 
> thing or not is a whole other discussion. But the reality is that with such 
> strong dominance there is the option to set defaults that are widely used.

Bitcoin Core with different versions are used at any point and not sure if this 
will ever change.

https://luke.dashjr.org/programs/bitcoin/files/charts/security.html

https://www.shodan.io/search/facet.png?query=User-Agent%3A%2FSatoshi%2F+port%3A%228333%22=product
> I think if certain defaults can bolster the security of Lightning (and 
> possibly other Layer 2 projects) at no cost to full node users with no 
> interest in those protocols we should discuss what those defaults should be.


This is the assumption which I don't agree with and hence asked some questions 
in my email. A new RBF policy used by default in Core will not improve the 
security of projects that are vulnerable to multiple RBF policies or rely on 
these policies in a way that affects their security. 

Maybe some experiments on signet might help in knowing more issues associated 
with multiple RBF policies.

-- 
Prayank

A3B1 E430 2298 178F



Feb 13, 2022, 21:16 by michaelfolk...@protonmail.com:

> Hi Prayank
>
> > 1.Is Lightning Network and a few other layer 2 projects vulnerable to 
> > multiple RBF policies being used?
>
> Clearly the security of the Lightning Network and some other Layer 2 projects 
> are at least impacted or partly dependent on policy rules in a way that the 
> base blockchain/network isn't. As I (and others) have said on many occasions 
> ideally this wouldn't be the case but it is best we can do with current 
> designs. I (and others) take the view that this is not a reason to abandon 
> those designs in the absence of an alternative that offers a strictly 
> superior security model. Going back to a model where *all* activity is 
> onchain (or even in less trust minimized protocols than Lightning) doesn't 
> seem like the right approach to me.
>
> > 2.With recent discussion to change things in default RBF policy used by 
> > Core, will we have multiple versions using different policies? Are users 
> > and especially miners incentivized to use different versions and policies? 
> > Do they have freedom to use different RBF policy?
>
> Without making policy rules effective consensus rules users (including 
> miners) are free to run different policy rules. I think it is too early to 
> say what the final incentives will be to run the same or differing policies. 
> Research into Lightning security is still nascent and we have no idea whether 
> alternative Layer 2 projects will thrive and whether they will have the same 
> or conflicting security considerations to Lightning. 
>
> As you know the vast majority of the full nodes on the network currently run 
> Bitcoin Core. Whether that will change in future and whether this a good 
> thing or not is a whole other discussion. But the reality is that with such 
> strong dominance there is the option to set defaults that are widely used. I 
> think if certain defaults can bolster the security of Lightning (and possibly 
> other Layer 2 projects) at no cost to full node users with no interest in 
> those protocols we should discuss what those defaults should be.
>
> > 3.Are the recent improvements suggested for RBF policy only focused on 
> > Lightning Network and its security which will anyway remain same or become 
> > worse with multiple RBF policies?
>
> I think by nature of the Lightning Network being the most widely adopted 
> Layer 2 project most of the focus has been on Lightning security. But 
> contributors to other Layer 2 projects are free to flag and discuss security 
> considerations that aren't Lightning specific.
>
> > Note: Bitcoin Knots policy is fully configurable, even in the GUI - users 
> > can readily choose whatever policy *they* want.
>
> The maintainer(s) and contributors to Bitcoin Knots are free to determine 
> what default policy rules they want to implement (and make it easier for 
> users to change those defaults) in the absence of those policy rules being 
> made effective consensus rules. I suspect there 

Re: [bitcoin-dev] Recursive covenant opposition, or the absence thereof, was Re: TXHASH + CHECKSIGFROMSTACKVERIFY in lieu of CTV and ANYPREVOUT

[Lucky Star via bitcoin-dev]

Hello,

I'm opposed to recursive covenants because they allow the government to 
_gradually_ restrict all bitcoins.

Without covenants, other miners can fork to a free blockchain, if the 
government tells miners each transaction to be added in the block. Thus the 
government cannot impose desires on the Bitcoin community. With covenants, the 
government gradually forces all companies to use the permissible covenants. 
There is no free blockchain, and the government controls more bitcoins each day.

Bitcoin experts Greg Maxwell and Peter Todd explained this reason and many 
others on the forum.[1] More experts also agreed, and it's common knowledge. I 
strongly recommend to support the OP_CHECKTEMPLATEVERIFY. It is well reviewed, 
and it protects the Bitcoin community from the bad effects of covenants. With 
OP_CHECKTEMPLATEVERIFY, we achieve the best of both worlds.

With best regards,
Lucky Star

[1] Maxwell, Greg. "CoinCovenants using SCIP signatures, an amusingly bad 
idea." https://bitcointalk.org/index.php?topic=278122.0;all

> On Mon, Feb 07, 2022 at 08:34:30PM -0800, Jeremy Rubin via bitcoin-dev wrote:
> > Whether [recursive covenants] is an issue or not precluding this sort
> > of design or not, I defer to others.
>
>
> For reference, I believe the last time the merits of allowing recursive
> covenants was discussed at length on this list[1], not a single person
> replied to say that they were opposed to the idea.
>
>
> I would like to suggest that anyone opposed to recursive covenants speak
> for themselves (if any intelligent such people exist). Citing the risk
> of recursive covenants without presenting a credible argument for the
> source of that risk feels to me like (at best) stop energy[2] and (at
> worst) FUD.
>
>
> -Dave
>
>
> [1] 
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-July/019203.html
> [2] 
> http://radio-weblogs.com/0107584/stories/2002/05/05/stopEnergyByDaveWiner.html
> (thanks to AJ who told me about stop energy one time when I was
> producing it)
>
>
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev