[Bitcoin-development] replace-by-fee v0.10.0rc4

[Troy Benjegerdes]

On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote:
> 
> 
> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote:
> > 
> > Most money/payment systems include some method to reverse or undo 
> > payments made in error. In these systems, the longer settlement
> > times you mention below are a feature, not a bug, and give more
> > time for a human to react to errors and system failures.
> > 
> 
> Settlement has to be final somewhere. That is the whole point of it.
> Transfer costs in current electronic payment systems are a direct
> consequence of their non-finality. That's the point Satoshi was making
> in the introduction to the whitepaper: "With the possibility of
> reversal, the need for trust spreads".

The problem with that statement is I trust a merchant that I went into
a store and made a payment with personally more than I trust the firmware
on my hard drive [1].

The attack surface of devices in your computer is huge. A motivated attacker
just needs to get an intern into a company that makes some kind of component
or system that's in your computer, cloud server, hardware wallet, or what 
have you that has firmware capable of reading your private keys.

With the possibility of mass trojaned hardware, if we are going to trust 
the system, it must somehow allow reversal through a human-in-the-loop.
 
> There is nothing wrong with having reversible mechanisms built on top
> of Bitcoin, and indeed it makes sense for most activity to happen at
> those higher layers. It's easy to build things that way, but
> impossible to build them the other way: you can't build a
> non-reversible layer on top of a reversible layer.

We built 'reliable' TCP on top of unreliable ethernet networks. My experience
with networking was if you tried to guarantee message delivery at the lowest
level, the system got exceedingly complicated, expensive, and brittle.

Most applications, in particular paying someone you already trust, are quite
happy running on reversible systems, and in some cases more reliable and 
lower risk. (carrying non-reversible cash is generally considered risky)

The problem is that if the base currency is assumed to be non-reversible, 
then it's brittle and becomes 'too big to fail'.

Where the blockchain improves on everything else is in transparency. If you
reverse transactions a lot, it will be obvious from an analysis. I would much
rather deal with a known, predictable, and relatively continous transaction
reversal rate (percentage) than have to deal with sudden failures where 
some anonymous bad actor makes off with a fortune.

We already have zero-conf double-spend transaction reversal, why not explicitly
extend that a little in a way that senders and receivers have a choice to 
use it, or not?


[1] http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216