On Jun 8, 2016 18:46, "Luke Dashjr via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On Wednesday, June 08, 2016 8:23:51 AM Johnson Lau wrote:
> > If someday 32 bytes hash is deemed to be unsafe, the txid would also be
> > unsafe and a hard fork might be needed. Therefore, I don’t see how a
> > witness program larger than 40 bytes would be useful in any case (as it is
> > more expensive and takes more UTXO space). I think Pieter doesn’t want to
> > make it unnecessarily lenient.
>
> There is no harm in being lenient, but it limits the ability to do softfork
> upgrades in the future. I appreciate Pieter's concern that we'd need to do
> more development and testing to go to this extreme, which is why I am only
> asking the limit raised to 75 bytes.

No strong opinion, but I'd rather not change it anymore, as I don't see the point.

Any data you would want to encode there can be moved to the witness at 1/4 the cost and replaced by a 256-bit hash. If the data is 43 bytes or higher, that is even cheaper.

The only thing that cannot be in the hash is metadata to indicate what hashing/rule scheme itself is used. I think 68 bits (OP_n + 8 bytes) for that is plenty.

--
Pieter