justusranvier at riseup.net [ARCHIVE] on Nostr
📅 Original date posted: 2015-06-19
📝 Original message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2015-06-19 15:37, Eric Lombrozo wrote:
> OK, a few things here:
>
> The Bitcoin network was designed (or should be designed) with the
> requirement that it can withstand deliberate double-spend attacks that
> can come from anywhere at any time…and relaxing this assumption
> without adequately assessing the risk (i.e. I’ve never been hacked
> before so I can assume it’s safe) is extremely dangerous at best and
> just horrid security practice at worst. Your users might not thank you
> for not getting hacked - but they surely will not like it when you DO
> get hacked…and lack a proper recovery plan.
>
> Furthermore, the protocol itself makes no assumptions regarding the
> intentions behind someone signing two conflicting transactions. There
> are many potential use cases where doing so could make a lot of sense.
> Had the protocol been designed along the lines of, say,
> tendermint…where signing multiple conflicting blocks results in loss
> of one’s funds…then the protocol itself disincentivizes the behavior
> without requiring any sort of altruistic, moralistic assumptions. That
> would also mean we’d need a different mechanism for the use cases that
> things like RBF address.
>
> Thirdly, taken to the extreme, the viewpoint of “signing a conflicting
> transaction is fraud and vandalism” means that if for whatever reason
> you attempt to propagate a transaction and nobody mines it for a very
> long time, you’re not entitled to immediately reclaim those funds…they
> must remain in limbo forever.

I'm not talking about changing the protocol - I'm talking about the
business relationships between users of Bitcoin.

I would expect a payment processor to inform the merchants of relevant
double spends that it observes on the network, even if the payment is
actually successful, so that the merchant can decide for themselves
whether or not to pursue it out of band.

Mining is a kind of technical fallback that allows the network to
resolve human misbehavior without human intervention. If nobody ever
attempted to make a fraudulent payment, we wouldn't need mining at all
because the signed transaction itself is proof of intention to pay. That
it exists doesn't suddenly make fraud less fraudulent and mean that
users who are in a position to pursue out of band recourse shouldn't do
so.

I agree that there are valid reasons for replacing transactions in the
mempool, I just think they should be implemented in a way that doesn't
facilitate fraud.

I'd also like to note that "prima facie" doesn't mean "always", it means
that "the default assumption, unless proven otherwise."
Published at 2023-06-07 15:39:07