Re: [bitcoin-dev] Generalizing feature negotiation when new p2p connections are setup

From: Eric Voskuil <eric@voskuil•org>
To: Suhas Daftuar <sdaftuar@gmail•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Generalizing feature negotiation when new p2p connections are setup
Date: Mon, 17 Aug 2020 14:21:53 -0700	[thread overview]
Message-ID: <6FCCEC96-02F7-48D7-92EC-52234B94805B@voskuil.org> (raw)
In-Reply-To: <CAFp6fsH==PJ38vGvCGUr3AVS8XmQEjvLkNaopAhu0vY7xQjgAw@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 6269 bytes --]

Hi Suhas,

It seems to me that your first two paragraphs contradict each other, so I’m not sure we have understanding. As you say in the first paragraph, a peer would never get messages that it does not understand, so there is no chance that missing a protocol change would matter.

In case it’s not understood, version negotiation provides each peer with the maximum supported protocol version of the other. Once complete both have negotiated to the highest common version. No message not supported at that version may be sent by either.

If the protocol was to accept *any* message traffic then it will cease to be a protocol. People will drop in their changes without obtaining broad support, and peers will evolve to the point of no longer being peers. They won’t speak the same language and the “network” will be little more than a broadcast transport, broadcasting all traffic to all peers, whether it’s for them or not.

People need to either build support or build a distinct network. That’s the actual coordination issue, which is inherent to protocol development.

Best,
e

> On Aug 17, 2020, at 13:40, Suhas Daftuar <sdaftuar@gmail•com> wrote:
> 
> Hi Eric,
> 
> Thanks for your response.  If I understand correctly, you're suggesting that in the future we do the same as what was done in BIP 339, of accompanying new messages (which are optional) with a protocol version bump, so that network clients are never reading unknown messages from a peer (and can be free to disconnect a peer for sending an unknown message)?
> 
> I think that works fine, so if indeed there will be software that will expect things to operate this way then I can withdraw the suggestion I've made in this thread.  However I wanted to clarify that this is what you suggest, because there is another downside to this approach (beyond the sequential nature of sequence numbers that you mention) -- if a software implementation misses a proposed new protocol upgrade, and thus fails to parse (and ignore) some proposed new message, the result can be a network split down the road as incompatible clients get slowly upgraded over time. 
> 
> I think this coordination cost is something to be concerned about -- for instance, the lack of response to my wtxid-relay proposal made me wonder if other software would be implementing something to account for the new message that proposal introduces (for clients with version >= 70016).  It's reasonable for people to be busy and miss things like this, and I think it's worth considering whether there's a safer way for us to deploy changes.
> 
> That said, I don't think this coordination cost is unbearable, so as long as we have a process for making p2p protocol improvements I'm not too worried about what mechanism we use.  So if this concern over coordination of changes doesn't sway you, I think we can continue to just bump protocol version at the same time as deploying new messages, as we have been doing, and hope that we don't run into problems down the road.  
> 
> If I have misunderstood how you think we should be making future protocol changes, please let me know.
> 
> Thanks,
> Suhas
> 
> 
> 
>> On Sun, Aug 16, 2020 at 3:06 PM Eric Voskuil <eric@voskuil•org> wrote:
>> A requirement to ignore unknown (invalid) messages is not only a protocol breaking change but poor protocol design. The purpose of version negotiation is to determine the set of valid messages. Changes to version negotiation itself are very problematic.
>> 
>> The only limitation presented by versioning is that the system is sequential. As such, clients that do not wish to implement (or operators who do not wish to enable) them are faced with a problem when wanting to support later features. This is resolvable by making such features optional at the new protocol level. This allows each client to limit its communication to the negotiated protocol, and allows ignoring of known but unsupported/disabled features.
>> 
>> Sorry I missed your earlier post. Been distracted for a while.
>> 
>> e
>> 
>> 
>>>> On Aug 14, 2020, at 12:28, Suhas Daftuar via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
>>>> 
>>> 
>>> Hi,
>>> 
>>> Back in February I posted a proposal for WTXID-based transaction relay[1] (now known as BIP 339), which included a proposal for feature negotiation to take place prior to the VERACK message being received by each side.  In my email to this list, I had asked for feedback as to whether that proposal was problematic, and didn't receive any responses.
>>> 
>>> Since then, the implementation of BIP 339 has been merged into Bitcoin Core, though it has not yet been released.
>>> 
>>> In thinking about the mechanism used there, I thought it would be helpful to codify in a BIP the idea that Bitcoin network clients should ignore unknown messages received before a VERACK.  A draft of my proposal is available here[2].
>>> 
>>> I presume that software upgrading past protocol version 70016 was already planning to either implement BIP 339, or ignore the wtxidrelay message proposed in BIP 339 (if not, then this would create network split concerns in the future -- so I hope that someone would speak up if this were a problem).  When we propose future protocol upgrades that would benefit from feature negotiation at the time of connection, I think it would be nice to be able to use the same method as proposed in BIP 339, without even needing to bump the protocol version.  So having an understanding that this is the standard of how other network clients operate would be helpful.
>>> 
>>> If, on the other hand, this is problematic for some reason, I look forward to hearing that as well, so that we can be careful about how we deploy future p2p changes to avoid disruption.
>>> 
>>> Thanks,
>>> Suhas Daftuar
>>> 
>>> [1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-February/017648.html
>>> 
>>> [2] https://github.com/sdaftuar/bips/blob/2020-08-generalized-feature-negotiation/bip-p2p-feature-negotiation.mediawiki
>>> _______________________________________________
>>> bitcoin-dev mailing list
>>> bitcoin-dev@lists•linuxfoundation.org
>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[-- Attachment #2: Type: text/html, Size: 8256 bytes --]