Re: [bitcoin-dev] BIP process friction

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Peter Todd <pete@petertodd•org>
To: Michael Folkson <michaelfolkson@protonmail•com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP process friction
Date: Thu, 18 Jan 2024 18:00:34 +0000	[thread overview]
Message-ID: <ZalnQqvbxhxm8UG2@petertodd.org> (raw)
In-Reply-To: <6ZZYFympMLvwZ3otE_ebPh3wAuPFYb1BKL_3O_NrlQYKfsAJNlobGrZQjK23BxNeIdJ_8x_SAhgF_po1qO68MI_XONG7aPsnEL45y8SNndQ=@protonmail.com>

[-- Attachment #1: Type: text/plain, Size: 5439 bytes --]

On Wed, Jan 17, 2024 at 05:29:48PM +0000, Michael Folkson via bitcoin-dev wrote:
> Hey Luke
> 
> I'd be happy to pick up working on BIP 3 again ([0], [1]) in light of this issue and others that are repeatedly cropping up (e.g. confusion on the recommended flow for working on proposed consensus changes, when to open a pull request to bitcoin-inquisition, when to open a pull request to Core, when to include/exclude activation params etc).
> 
> I don't think there is much I personally disagree with you on with regards to BIPs but one issue where I do think there is disagreement is on whether proposed default policy changes can/should be BIPed.
> 
> I previously drafted this on proposed default policy changes [2]:
> 
> "To address problems such as pinning attacks on Lightning and multiparty protocols (e.g. vaults) there are and will continue to be draft proposals on changing the default policy rules in Bitcoin Core and/or alternative implementations. As these proposals are for default policy rules and **not** consensus rules there is absolutely no obligation for Bitcoin Core and/or alternative implementations to change their default policy rules nor users to run any particular policy rules (default or otherwise). The authors of these draft proposals are clearly recommending what they think the default policy rules should be and what policy rules users should run but it is merely a recommendation. There are a lot of moving parts, subtleties and complexities involved in designing default policy rules so any recommendation(s) to significantly upgrade default policy rules would benefit from being subject to a spec process. This would also aid the review of any policy related pull requests in Bitcoin Core and/or alternative implementations. An interesting recent case study washttps://github.com/bitcoin/bitcoin/pull/22665and Bitcoin Core not implementing the exact wording of BIP 125 RBF. In this case (for various reasons) as a response Bitcoin Core just removed references to BIP 125 and started documenting the replacement to BIP 125 rules in the Bitcoin Core repo instead. However, it is my view that recommendations for default policy rules should be recommendations to all implementations, reviewed by Lightning and multiparty protocol developers (not just Bitcoin Core) and hence they would benefit from being standardized and being subject to a specification process. I will reiterate once again though that policy rules are **not** consensus rules. Consensus rules are much closer to an obligation as divergences from consensus rules risk the user being forked off the blockchain and could ultimately end up in network splits. This does not apply to policy rules."
> 
> Are you open to adjusting your stance on proposed policy changes being BIPed? I do think it really stunts work on proposed default policy changes and people's ability to follow work on these proposals when the specifications for them are littered all over the place. I've certainly struggled to follow the latest state of V3 policy proposals without clear reference points for the latest state of these proposals e.g. [3]. In addition some proposed consensus change BIPs are starting to want to include sections on policy (e.g. BIP345, OP_VAULT [4]) where it would be much better if they could just refer to a separate policy BIP rather than including proposals for both policy and consensus in the same BIP.

BIP-125 is I think an interesting case study. It is a much more fundamental
standard than Ordinals or Taproot Assets, in the sense that transaction
replacement is expected to be used by essentially all wallets as all wallets
have to deal with fee-rate fluctuations; I do not think that Ordinals or
Taproot assets are appropriate BIP material due to their niche use-case.

The V3 proposal, and ephemeral anchors, would be expected to be used by a wide
range of contracting protocols, most notably lightning. This isn't quite as
broad usage as BIP-124 RBF. But it is close. And yes, Core making changes to
what is essentially BIP125 has an impact: just the other day I ran into someone
that didn't know RBF Rule #6 existed, which Core added on top of BIP-125, and
had made a mistake in their safety analysis of a protocol due to that.

Meanwhile, engineering documentation on V3 is extremely lacking, with basics
like worked through use-case examples not being available. We don't even have
solid agreement let alone documentation on how Lightning channels are meant to
use V3 transactions and what the trade-offs are. And that has lead to mistaken
claims, such as overstating(1) the benefit V3 transactions in their current
form have for transaction pinning.

I don't think V3 necessarily needs a formal BIP. But it would benefit from a
proper engineering process where use-cases are actually worked out and analyzed
properly.

Finally, I think the lesson to be learned here is that mempool policy is better
served by *living* documentation that gets updated to reflect the real world.
There's no easy way for someone to get up to speed on what mempool policy is
actually implemented, and more importantly, *why* it is implemented and what
trade-offs were made to get there. It's quite possible that this "living
documentation" requirement rules out the BIP process.

1) https://petertodd.org/2023/v3-txs-pinning-vulnerability

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

next prev parent reply	other threads:[~2024-01-18 18:00 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-17  2:42 Anthony Towns
2024-01-17  6:55 ` Christopher Allen
2024-01-17 16:45   ` Luke Dashjr
2024-01-17 17:29     ` Michael Folkson
2024-01-18 18:00       ` Peter Todd [this message]
2024-01-19 19:27         ` Michael Folkson
2024-01-18 15:41 ` David A. Harding
2024-01-19  0:46   ` Anthony Towns
2024-01-19  2:33     ` Karl-Johan Alm
2024-01-18 16:47 ` alicexbt
2024-01-18 17:42   ` Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZalnQqvbxhxm8UG2@petertodd.org \
    --to=pete@petertodd$(echo .)org \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=michaelfolkson@protonmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox