rhavar at protonmail.com [ARCHIVE] on Nostr: π Original date posted:2018-03-09 π Original message:> Still, re-reading your ...
π
Original date posted:2018-03-09
π Original message:> Still, re-reading your initital post, I'm convinced that the weakening of the
> DoS protections is probably not a huge problem, so maybe lets try this in a
> release and see what happens.
Awesome! I very much agree. The relaxation of some of these DoS prevention rules I think will really open up a lot of use cases and adoption
> Notably, if people actually use this new replacement behavior, the institutions
> doing these sweeps of unconfirmed outputs might stop doing that!
Agree, I'm pretty sure it's unintentional. I know a lot of services struggle with coin selection, so what they do is conceptually have a receive wallet from which they can sweep to their hot wallet (or cold storage) to keep their utxo manageable.
Currently some of them are sweeping unconfirmed inputs with it, but I don't think it's a conscious design choice, just something that happens to be working well now.
(FWIW I observed this behavior like 6+ months ago, I haven't kept track of if it's still happening or how often. But at the time I had to write off the idea of low-fee rbf batch transactions as it was happening too often to be feasible)
β-Ryanβ
βββββββ Original Message βββββββ
On March 9, 2018 1:28 PM, Peter Todd via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
> ββ
>
> On Thu, Mar 08, 2018 at 03:07:43PM -0500, Russell O'Connor wrote:
>
> > On Thu, Mar 8, 2018 at 1:34 PM, Peter Todd pete at petertodd.org wrote:
> >
> > > But that's not a good argument: whether or not normal users are trying to
> > >
> > > attack each other has nothing to do with whether or not you're opening up
> > >
> > > an
> > >
> > > attack by relaxing anti-DoS protections.
> >
> > I'm not suggesting removing the anti-DoS protections. I'm suggesting that
> >
> > replaced transaction require a fee increase of at least the min-fee-rate
> >
> > times the size of all the transactions being ejected (in addition to the
> >
> > other proposed requirements).
>
> Fair: you're not removing them entirely, but you are weakening them compared to
>
> the status quo.
>
> > > Equally, how often are normal users who aren't attacking each other
> > >
> > > creating
> > >
> > > issues anyway? You can always have your wallet code just skip use of RBF
> >
> > replacements in the event that someone does spend an unconfirmed output that
> >
> > > you sent them; how often does this actually happen in practice?
> >
> > Just ask rhavar. It happens regularly.
> >
> > Not many wallets let you spend unconfirmed outputs that you didn't create.
> >
> > >
> >
> > The problem is with institutional wallets sweeping incoming payments. It
> >
> > seems that in practice they are happy to sweep unconfirmed outputs.
>
> Pity, that does sound like a problem. :(
>
> > Setting all of the above aside for a moment. We need to understand that
> >
> > rational miners are going to prefer to transactions with higher package fee
> >
> > rates regardless of whatever your personal preferred RBF policy is. If we
> >
> > do not bring the RBF policy to alignment with what is economically
> >
> > rational, then miners are going to change their own policies anyways,
> >
> > probably all in slightly different ways. It behooves everyone to develop a
> >
> > reasonable standard RBF policy, that is still robust against possible DoS
> >
> > vectors, and aligns with miner incentives, so that all participants know
> >
> > what behaviour they can reasonably expect. It is simply a bonus that this
> >
> > change in RBF policy also partially mitigates the problem of pinned
> >
> > transactions.
>
> Miners and full nodes have slightly different priorities here; it's not clear
>
> to me why it matters that they implement slightly different policies.
>
> Still, re-reading your initital post, I'm convinced that the weakening of the
>
> DoS protections is probably not a huge problem, so maybe lets try this in a
>
> release and see what happens.
>
> Notably, if people actually use this new replacement behavior, the institutions
>
> doing these sweeps of unconfirmed outputs might stop doing that! That's
>
> probably a good thing, as respends of potentially conflicted unconfirmed
>
> outputs can be dangerous in reorgs; we're better off if outputs are buried
>
> deeply before being spent again.
>
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> https://petertodd.org 'peter'\[:-1\]@petertodd.org
>
> bitcoin-dev mailing list
>
> bitcoin-dev at lists.linuxfoundation.org
>
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
π Original message:> Still, re-reading your initital post, I'm convinced that the weakening of the
> DoS protections is probably not a huge problem, so maybe lets try this in a
> release and see what happens.
Awesome! I very much agree. The relaxation of some of these DoS prevention rules I think will really open up a lot of use cases and adoption
> Notably, if people actually use this new replacement behavior, the institutions
> doing these sweeps of unconfirmed outputs might stop doing that!
Agree, I'm pretty sure it's unintentional. I know a lot of services struggle with coin selection, so what they do is conceptually have a receive wallet from which they can sweep to their hot wallet (or cold storage) to keep their utxo manageable.
Currently some of them are sweeping unconfirmed inputs with it, but I don't think it's a conscious design choice, just something that happens to be working well now.
(FWIW I observed this behavior like 6+ months ago, I haven't kept track of if it's still happening or how often. But at the time I had to write off the idea of low-fee rbf batch transactions as it was happening too often to be feasible)
β-Ryanβ
βββββββ Original Message βββββββ
On March 9, 2018 1:28 PM, Peter Todd via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
> ββ
>
> On Thu, Mar 08, 2018 at 03:07:43PM -0500, Russell O'Connor wrote:
>
> > On Thu, Mar 8, 2018 at 1:34 PM, Peter Todd pete at petertodd.org wrote:
> >
> > > But that's not a good argument: whether or not normal users are trying to
> > >
> > > attack each other has nothing to do with whether or not you're opening up
> > >
> > > an
> > >
> > > attack by relaxing anti-DoS protections.
> >
> > I'm not suggesting removing the anti-DoS protections. I'm suggesting that
> >
> > replaced transaction require a fee increase of at least the min-fee-rate
> >
> > times the size of all the transactions being ejected (in addition to the
> >
> > other proposed requirements).
>
> Fair: you're not removing them entirely, but you are weakening them compared to
>
> the status quo.
>
> > > Equally, how often are normal users who aren't attacking each other
> > >
> > > creating
> > >
> > > issues anyway? You can always have your wallet code just skip use of RBF
> >
> > replacements in the event that someone does spend an unconfirmed output that
> >
> > > you sent them; how often does this actually happen in practice?
> >
> > Just ask rhavar. It happens regularly.
> >
> > Not many wallets let you spend unconfirmed outputs that you didn't create.
> >
> > >
> >
> > The problem is with institutional wallets sweeping incoming payments. It
> >
> > seems that in practice they are happy to sweep unconfirmed outputs.
>
> Pity, that does sound like a problem. :(
>
> > Setting all of the above aside for a moment. We need to understand that
> >
> > rational miners are going to prefer to transactions with higher package fee
> >
> > rates regardless of whatever your personal preferred RBF policy is. If we
> >
> > do not bring the RBF policy to alignment with what is economically
> >
> > rational, then miners are going to change their own policies anyways,
> >
> > probably all in slightly different ways. It behooves everyone to develop a
> >
> > reasonable standard RBF policy, that is still robust against possible DoS
> >
> > vectors, and aligns with miner incentives, so that all participants know
> >
> > what behaviour they can reasonably expect. It is simply a bonus that this
> >
> > change in RBF policy also partially mitigates the problem of pinned
> >
> > transactions.
>
> Miners and full nodes have slightly different priorities here; it's not clear
>
> to me why it matters that they implement slightly different policies.
>
> Still, re-reading your initital post, I'm convinced that the weakening of the
>
> DoS protections is probably not a huge problem, so maybe lets try this in a
>
> release and see what happens.
>
> Notably, if people actually use this new replacement behavior, the institutions
>
> doing these sweeps of unconfirmed outputs might stop doing that! That's
>
> probably a good thing, as respends of potentially conflicted unconfirmed
>
> outputs can be dangerous in reorgs; we're better off if outputs are buried
>
> deeply before being spent again.
>
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> https://petertodd.org 'peter'\[:-1\]@petertodd.org
>
> bitcoin-dev mailing list
>
> bitcoin-dev at lists.linuxfoundation.org
>
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev