📅 Original date posted:2015-05-26
📝 Original message:On 5/26/2015 4:11 PM, Gregory Maxwell wrote:
> On Tue, May 26, 2015 at 11:00 PM, Tom Harding <tomh at thinlink.com> wrote:
>> The bitcoin transaction is part of a real-world "deal" with unknown
>> connections to the other parts
> I'm having a hard time parsing this. You might as well say that its
> part of a weeblix for how informative it is, since you've not defined
> it.
For example, you are paying for concert tickets. The deal is concert
tickets for bitcoin. Or you're buying a company with 3 other investors.
>> not the case if paying parties are kicked out of the deal, and possibly
>> don't learn about it right away.
> The signatures of a transaction can always be changed any any time,
> including by the miner, as they're not signed.
Miners can't update the signature on input #0 after removing input #1.
>
>> A subset of parties to an Armory simulfunding transaction (an actual
>> multi-input use case) could replace one signer's input after they broadcast
>> it.
> They can already do this.
Replacement is about how difficult it is to change the tx after it is
broadcast and seen by observers.
>> Maybe the
>> receiver cares where he is paid from or is basing a subsequent decision on
>> it. Maybe a new output is being added, whose presence makes the transaction
>> less likely to be confirmed quickly, with that speed affecting the business.
> The RBF behavior always moves in the direction of more prefered or
> otherwise the node would not switch to the replacement. Petertodd
> should perhaps make that more clear.
>
> But your "maybe"s are what I was asking you to clarify. You said it
> wasn't hard to imagine; so I was asking for specific clarification.
Pick any one "maybe". They're only maybes because it's not realistic
for them all to happen at once.
>
>> With Kalle's Proof of Payment proposed standard, one payer in a two-input
>> transaction could decide to boot the other, and claim the concert tickets
>> all for himself. The fact that he pays is not the only consideration in the
>> real world -- what if these are the last 2 tickets?
> They can already do that.
Not without replacement, after broadcast, unless they successfully pay
twice.
>
>> I'd argue that changing how an input is signed doesn't change the deal. For
>> example if a different 2 of 3 multisig participants sign, those 3 people
>> gave up that level of control when they created the multisig.
> Then why do you not argue that changing the input set does not change
> the weeblix?
>
> Why is one case of writing out a participant different that the other
> case of writing out a participant?
In the multisig input case, each signer already accepted the possibility
of being written out. Peter Todd's proposal is in the spirit of not
willfully making unconfirmed txes less reliable. I'm suggesting that
multi-input signers should be included in the set of people for whom
they don't get less reliable.
>
>> Replacement is new - we have a choice what kind of warnings we need to give
>> to signers of multi-input transactions. IMHO we should avoid needing a
>> stronger warning than is already needed for 0-conf.
> How could a _stronger_ warning be required?
We'd have to warn signers to multi-input txes instead of just warning
receivers.
Tom Harding [ARCHIVE] /
npub1ms…pmwjy
2023-06-07 15:35:40
in reply to nevent1q…d5e3
Author Public Key
npub1msef5qkfwz4t7qacwxz775wgdtlytph78g2g2z903x90874u263sypmwjyPublished at
2023-06-07 15:35:40Event JSON
{
"id": "1aee6041a4182071bbc65af164f4a23eadc87ffe7b4fc4cb1ce508df12af4c30",
"pubkey": "dc329a02c970aabf03b87185ef51c86afe4586fe3a148508af898af3fabc56a3",
"created_at": 1686152140,
"kind": 1,
"tags": [
[
"e",
"e6c8eb34d0e86c10ed0d76592650d9925932c212d8ecca31dd7a7a68e753372d",
"",
"root"
],
[
"e",
"bda9f2bf8567b4045529466d0624509be4e8e5ec3ce87472c4d9a19338a8ee0d",
"",
"reply"
],
[
"p",
"4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73"
]
],
"content": "📅 Original date posted:2015-05-26\n📝 Original message:On 5/26/2015 4:11 PM, Gregory Maxwell wrote:\n\u003e On Tue, May 26, 2015 at 11:00 PM, Tom Harding \u003ctomh at thinlink.com\u003e wrote:\n\u003e\u003e The bitcoin transaction is part of a real-world \"deal\" with unknown\n\u003e\u003e connections to the other parts\n\u003e I'm having a hard time parsing this. You might as well say that its\n\u003e part of a weeblix for how informative it is, since you've not defined\n\u003e it.\n\nFor example, you are paying for concert tickets. The deal is concert \ntickets for bitcoin. Or you're buying a company with 3 other investors.\n\n\n\u003e\u003e not the case if paying parties are kicked out of the deal, and possibly\n\u003e\u003e don't learn about it right away.\n\u003e The signatures of a transaction can always be changed any any time,\n\u003e including by the miner, as they're not signed.\n\nMiners can't update the signature on input #0 after removing input #1.\n\n\n\u003e\n\u003e\u003e A subset of parties to an Armory simulfunding transaction (an actual\n\u003e\u003e multi-input use case) could replace one signer's input after they broadcast\n\u003e\u003e it.\n\u003e They can already do this.\n\nReplacement is about how difficult it is to change the tx after it is \nbroadcast and seen by observers.\n\n\n\u003e\u003e Maybe the\n\u003e\u003e receiver cares where he is paid from or is basing a subsequent decision on\n\u003e\u003e it. Maybe a new output is being added, whose presence makes the transaction\n\u003e\u003e less likely to be confirmed quickly, with that speed affecting the business.\n\u003e The RBF behavior always moves in the direction of more prefered or\n\u003e otherwise the node would not switch to the replacement. Petertodd\n\u003e should perhaps make that more clear.\n\u003e\n\u003e But your \"maybe\"s are what I was asking you to clarify. You said it\n\u003e wasn't hard to imagine; so I was asking for specific clarification.\n\nPick any one \"maybe\". They're only maybes because it's not realistic \nfor them all to happen at once.\n\n\n\u003e\n\u003e\u003e With Kalle's Proof of Payment proposed standard, one payer in a two-input\n\u003e\u003e transaction could decide to boot the other, and claim the concert tickets\n\u003e\u003e all for himself. The fact that he pays is not the only consideration in the\n\u003e\u003e real world -- what if these are the last 2 tickets?\n\u003e They can already do that.\n\nNot without replacement, after broadcast, unless they successfully pay \ntwice.\n\n\n\u003e\n\u003e\u003e I'd argue that changing how an input is signed doesn't change the deal. For\n\u003e\u003e example if a different 2 of 3 multisig participants sign, those 3 people\n\u003e\u003e gave up that level of control when they created the multisig.\n\u003e Then why do you not argue that changing the input set does not change\n\u003e the weeblix?\n\u003e\n\u003e Why is one case of writing out a participant different that the other\n\u003e case of writing out a participant?\n\nIn the multisig input case, each signer already accepted the possibility \nof being written out. Peter Todd's proposal is in the spirit of not \nwillfully making unconfirmed txes less reliable. I'm suggesting that \nmulti-input signers should be included in the set of people for whom \nthey don't get less reliable.\n\n\n\u003e\n\u003e\u003e Replacement is new - we have a choice what kind of warnings we need to give\n\u003e\u003e to signers of multi-input transactions. IMHO we should avoid needing a\n\u003e\u003e stronger warning than is already needed for 0-conf.\n\u003e How could a _stronger_ warning be required?\n\nWe'd have to warn signers to multi-input txes instead of just warning \nreceivers.",
"sig": "87720d91efa50054d3738681b945b2ee270970f5fbd189f264091bd9c774a56b7208733dde271eb80723caec7b4c1e40bd96ae94c72e8e231395ad52b6df9780"
}