Jeff Garzik [ARCHIVE] on Nostr: š Original date posted:2015-02-23 š Original message:On Sun, Feb 22, 2015 at ...
š
Original date posted:2015-02-23
š Original message:On Sun, Feb 22, 2015 at 6:29 PM, Eric Lombrozo <elombrozo at gmail.com> wrote:
> As for 0-conf security, there are instances where 0-conf transactions make a
> lot of sense - i.e. paying for utilities, ISP, web hosting, or other such
> services which could be immediately shut off upon detection of a
> double-spend.
Indeed. 0-conf risk calculus must include business conditions.
Business cases such as placing an order for a physical good, making an
in-person purchase at a brick-n-mortar store, or subscriptions already
have countermeasures in place if funds go astray. Order fulfilment
can be stopped, subscriptions cancelled, photos handed to police.
A thief wants to maximize return, which usually means either stealing
a few large amounts or many small amounts. Double-spending against a
SatoshiDICE clone is easy to automate. Many other purchase situations
are difficult to repeat without getting caught, or the level of effort
(cost) is greater than the payout of double-spending a small amount.
0-conf is typically only used for small amounts, where useful theft
relies on high repetition.
Purely online, mostly anonymous services like SatoshiDICE will be
easily attacked if they accept 0-conf transactions as there is little
customer/reputation relationship to leverage. However, that
observation cannot be easily applied to most other businesses.
--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
š Original message:On Sun, Feb 22, 2015 at 6:29 PM, Eric Lombrozo <elombrozo at gmail.com> wrote:
> As for 0-conf security, there are instances where 0-conf transactions make a
> lot of sense - i.e. paying for utilities, ISP, web hosting, or other such
> services which could be immediately shut off upon detection of a
> double-spend.
Indeed. 0-conf risk calculus must include business conditions.
Business cases such as placing an order for a physical good, making an
in-person purchase at a brick-n-mortar store, or subscriptions already
have countermeasures in place if funds go astray. Order fulfilment
can be stopped, subscriptions cancelled, photos handed to police.
A thief wants to maximize return, which usually means either stealing
a few large amounts or many small amounts. Double-spending against a
SatoshiDICE clone is easy to automate. Many other purchase situations
are difficult to repeat without getting caught, or the level of effort
(cost) is greater than the payout of double-spending a small amount.
0-conf is typically only used for small amounts, where useful theft
relies on high repetition.
Purely online, mostly anonymous services like SatoshiDICE will be
easily attacked if they accept 0-conf transactions as there is little
customer/reputation relationship to leverage. However, that
observation cannot be easily applied to most other businesses.
--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/