Peter Todd [ARCHIVE] on Nostr: ð Original date posted:2018-03-09 ð Original message:On Thu, Mar 08, 2018 at ...
ð
Original date posted:2018-03-09
ð Original message:On Thu, Mar 08, 2018 at 03:07:43PM -0500, Russell O'Connor wrote:
> On Thu, Mar 8, 2018 at 1:34 PM, Peter Todd <pete at petertodd.org> wrote:
> > But that's not a good argument: whether or not normal users are trying to
> > attack each other has nothing to do with whether or not you're opening up
> > an
> > attack by relaxing anti-DoS protections.
> >
>
> I'm not suggesting removing the anti-DoS protections. I'm suggesting that
> replaced transaction require a fee increase of at least the min-fee-rate
> times the size of all the transactions being ejected (in addition to the
> other proposed requirements).
Fair: you're not removing them entirely, but you are weakening them compared to
the status quo.
> > Equally, how often are normal users who aren't attacking each other
> > creating
> > issues anyway? You can always have your wallet code just skip use of RBF
> >
> replacements in the event that someone does spend an unconfirmed output that
> > you sent them; how often does this actually happen in practice?
>
>
> Just ask rhavar. It happens regularly.
>
> Not many wallets let you spend unconfirmed outputs that you didn't create.
> >
>
> The problem is with institutional wallets sweeping incoming payments. It
> seems that in practice they are happy to sweep unconfirmed outputs.
Pity, that does sound like a problem. :(
> Setting all of the above aside for a moment. We need to understand that
> rational miners are going to prefer to transactions with higher package fee
> rates regardless of whatever your personal preferred RBF policy is. If we
> do not bring the RBF policy to alignment with what is economically
> rational, then miners are going to change their own policies anyways,
> probably all in slightly different ways. It behooves everyone to develop a
> reasonable standard RBF policy, that is still robust against possible DoS
> vectors, and aligns with miner incentives, so that all participants know
> what behaviour they can reasonably expect. It is simply a bonus that this
> change in RBF policy also partially mitigates the problem of pinned
> transactions.
Miners and full nodes have slightly different priorities here; it's not clear
to me why it matters that they implement slightly different policies.
Still, re-reading your initital post, I'm convinced that the weakening of the
DoS protections is probably not a huge problem, so maybe lets try this in a
release and see what happens.
Notably, if people actually use this new replacement behavior, the institutions
doing these sweeps of unconfirmed outputs might stop doing that! That's
probably a good thing, as respends of potentially conflicted unconfirmed
outputs can be dangerous in reorgs; we're better off if outputs are buried
deeply before being spent again.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 614 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180309/5a952ae2/attachment.sig>
ð Original message:On Thu, Mar 08, 2018 at 03:07:43PM -0500, Russell O'Connor wrote:
> On Thu, Mar 8, 2018 at 1:34 PM, Peter Todd <pete at petertodd.org> wrote:
> > But that's not a good argument: whether or not normal users are trying to
> > attack each other has nothing to do with whether or not you're opening up
> > an
> > attack by relaxing anti-DoS protections.
> >
>
> I'm not suggesting removing the anti-DoS protections. I'm suggesting that
> replaced transaction require a fee increase of at least the min-fee-rate
> times the size of all the transactions being ejected (in addition to the
> other proposed requirements).
Fair: you're not removing them entirely, but you are weakening them compared to
the status quo.
> > Equally, how often are normal users who aren't attacking each other
> > creating
> > issues anyway? You can always have your wallet code just skip use of RBF
> >
> replacements in the event that someone does spend an unconfirmed output that
> > you sent them; how often does this actually happen in practice?
>
>
> Just ask rhavar. It happens regularly.
>
> Not many wallets let you spend unconfirmed outputs that you didn't create.
> >
>
> The problem is with institutional wallets sweeping incoming payments. It
> seems that in practice they are happy to sweep unconfirmed outputs.
Pity, that does sound like a problem. :(
> Setting all of the above aside for a moment. We need to understand that
> rational miners are going to prefer to transactions with higher package fee
> rates regardless of whatever your personal preferred RBF policy is. If we
> do not bring the RBF policy to alignment with what is economically
> rational, then miners are going to change their own policies anyways,
> probably all in slightly different ways. It behooves everyone to develop a
> reasonable standard RBF policy, that is still robust against possible DoS
> vectors, and aligns with miner incentives, so that all participants know
> what behaviour they can reasonably expect. It is simply a bonus that this
> change in RBF policy also partially mitigates the problem of pinned
> transactions.
Miners and full nodes have slightly different priorities here; it's not clear
to me why it matters that they implement slightly different policies.
Still, re-reading your initital post, I'm convinced that the weakening of the
DoS protections is probably not a huge problem, so maybe lets try this in a
release and see what happens.
Notably, if people actually use this new replacement behavior, the institutions
doing these sweeps of unconfirmed outputs might stop doing that! That's
probably a good thing, as respends of potentially conflicted unconfirmed
outputs can be dangerous in reorgs; we're better off if outputs are buried
deeply before being spent again.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 614 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180309/5a952ae2/attachment.sig>