From: Tom Harding <tomh@thinlink•com>
To: Peter Todd <pete@petertodd•org>,
Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Update to Double-Spend Deprecation Window Proposal
Date: Mon, 09 Feb 2015 05:37:39 -0800 [thread overview]
Message-ID: <54D8B823.7000300@thinlink.com> (raw)
In-Reply-To: <A2F3F5F0-29EF-412E-A170-6E9B064F2ACE@petertodd.org>
Many thanks for the feedback Peter. Please if you would, see below
On 2/8/2015 10:32 PM, Peter Todd wrote:
> Seeing a transaction is not a guarantee that any other node has seen it; not seeing a transaction is not a guarantee other nodes have not seen a spend.
In no way does proposal rely on such assumptions. It develops local
rules which result in a desirable outcome for the network as a whole,
under the applicable statistics.
> you're measuring a network that isn't under attack; Bitcoin must be robust against attacks, and it must not create incentives to launch them.
Two specific attacks are addressed at some length. No one is keener
than I to learn of new ones, or flaws in those treatments.
> Institutionalising the punishment of miners being they did not have perfect connectivity - an unattainable goal in a trust less, decentralised system - is athema to the goals of having a decentralised systmem and will only lead to smaller mining operations being punished for being the victim of attacks on their network connectivity that are only made profitable by this proposal.
Building from unavoidable imperfections is the necessary spirit when
interfacing with physical reality. I would defer to miners whether
these specific worries outweigh the benefits of helping to achieve a 30
second network, rather than a 10±10 minute network.
> Equally your proposal actually makes it *easier* to pull off apparently single-confirm double-spend attacks - any miner who ignores a block containing the apparent double-spend is just as likely to be aiding an attacker trying to get a 1-conf transaction double-spent. This forces *everyone* to waiting *longer* before accepting a transaction because now even a single-confirmation is no longer good evidence of an accepted transaction. In an ecosystem where hardly anyone relies on zeroconf anyway your putting a much larger group of people at risk who weren't at risk before.
I agree on one point -- it is necessary to let transactions mature for
something on the order of 15 to 30 seconds before mining them, as
discussed in proposal. I quite disagree regarding Finney (1-conf)
attacks. In fact this proposal is the only one I've seen that actually
stops most Finney attacks -- all those where the block comes more than
30 seconds after tx1.
prev parent reply other threads:[~2015-02-09 13:37 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-09 3:38 Tom Harding
2015-02-09 6:32 ` Peter Todd
2015-02-09 13:37 ` Tom Harding [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54D8B823.7000300@thinlink.com \
--to=tomh@thinlink$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=pete@petertodd$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox