On Thu, Mar 08, 2018 at 10:39:46AM -0500, Russell O'Connor wrote: > On Thu, Mar 1, 2018 at 10:11 AM, Peter Todd wrote: > > I mean, I think in general solving this problem is probably not possible. > > Basically, the fundamental problem is someone else has consumed network > > bandwidth that should be paid for with fees. What you're trying to do is > > replace a transaction without paying those fees, which is identical to > > what an > > attacker is trying to do, and thus any such scheme will be as vulnerable to > > attack as not having that protection in the first place. > > > > ...which does give you an out: maybe the attack isn't important enough to > > matter. :) > > > > Thanks, that makes sense. > > I still think it is worthwhile pursuing this proposed change in RBF policy > as it would seem that the current policy is problematic in practice today > where participants are just performing normal transactions and are not > trying to attack each other. But that's not a good argument: whether or not normal users are trying to attack each other has nothing to do with whether or not you're opening up an attack by relaxing anti-DoS protections. Equally, how often are normal users who aren't attacking each other creating issues anyway? You can always have your wallet code just skip use of RBF replacements in the event that someone does spend an unconfirmed output that you sent them; how often does this actually happen in practice? Not many wallets let you spend unconfirmed outputs that you didn't create. -- https://petertodd.org 'peter'[:-1]@petertodd.org