> So connecting to many nodes just because we can and it's not technically
> prevented is bad for the network and creating systemic risks of failure,

Well it is actually; that's why myself, Wladimir van der Laan, and
Gregory Maxwell all specifically¹ called Chainalysis's actions a sybil
attack.

The Bitcoin P2P network is resilliant to failure when the chance of any
one node going down is uncorrelated with others. For instance if you
accidentally introduced a bug in your nodes that failed to relay
transactions/blocks properly, you'd simultaneously be disrupting a large
portion of the network all at once.

This is exactly what your RBF patch is doing. By your own logic, nodes on the network should be allowed to relay (or not relay) whatever they wish.
 
How many nodes is Coinbase connecting too? What software are they
running? What subnets are they using? In particular, are they all on one
subnet or multiple?

We're running about a dozen nodes running regular Bitcoin Core in various subnets. We aren't doing anything particularly out of the ordinary here. Nothing that would fall under your definition of a sybil attack or harmful to the network.

> > You know, you're creating an interesting bit of game theory here: if I'm
> > a miner who doesn't already have a mining contract, why not implement
> > full-RBF to force Coinbase to offer me one? One reason might be because
> > other miners with such a contract - a majority - are going to be asked
> > by Coinbase to reorg you out of the blockchain, but then we have a
> > situation where a single entity has control of the blockchain.
> >
>
> If someone did enter into contracts with miners to mine certain
> transactions, and had a guarantee that the miners would not build on
> previous blocks which included double spends, then they would only need
> contracts with 51% of the network anyway. So it wouldn't really matter if
> you were a small time miner and wanted to run full-RBF.

But of course, you'd never 51% the network right? After all it's not
possible to guarantee that your miner won't mine double-spends, as there
is no single consensus definition of which transaction came first, nor
can there be.

Or do you see things differently? If I'm a small miner should I be
worried my blocks might be rejected by the majority with hashing power
contracts because I'm unable to predict which transactions Coinbase
believes should go in the blockchain?

You seem so concerned that we are actively trying to harm or control the network. We're simply trying to drive bitcoin adoption by making it easy for people to spend their bitcoin with merchants online. The problems we face are no different from other merchant processors, or small independent merchants accepting online or point-of-sale payments.

We've historically had relatively little interest in what miners were doing (until RBF came out) - for the most part it didn't affect our business. However, most large merchants would be simply uninterested in accepting bitcoin if we forced their customers to wait 10-60 minutes for their payments to confirm. Many have inventory management systems which can not even place items on hold that long.

If full-RBF sees any significant adoption by miners, then it will actively harm bitcoin adoption by reducing or removing the ability for online or POS merchants to accept bitcoin payments at all. I do not see a single benefit to running full-RBF.

FWIW, I'm fine with the first-seen-safe RBF, that seems like a sensible addition and a good way to allow fees to be added or increased on existing transactions, without harming existing applications of bitcoin.

Adrian