On Mon, Nov 04, 2013 at 12:10:38PM +0100, Adam Back wrote:
> Might leak less wiggle room and be simpler/more robut to validate that
> *everything* has to be the same except for the amount going to one (presumed
> change) address.  A privacy leak I know, but dont do that - ie send enough
> change the first time.  And network analysis has shown change addresses
> arent adding hardly any privacy.
> 
> We need more robust privacy fixes independently.  I do not support damaging
> the 0-conf feature, so I think this later approach is a better track for
> revising fees.

There's been a number of uses found for tx-replacement beyond simply
modifying fees. In additition, allowing for the value of a specificly
designated change address to be changed after the fact is not compatible
with current zero-conf-using implementations; they don't know to treat a
txout as special so allowing its value to be reduced would allow for a
zeroconf attack.

Anyway, if you look at the code that actually implements the
replacement, it's extremely simple already. I see no reason to make it
less general; transaction relaying rules are not part of consensus.

-- 
'peter'[:-1]@petertodd.org
000000000000000a6dd96c551eca7299463e4e523462798a006535f412b519c7