[Bitcoin-development] F2Pool has enabled full replace-by-fee
justusranvier at riseup.net
justusranvier at riseup.net
Fri Jun 19 15:53:01 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 2015-06-19 15:37, Eric Lombrozo wrote:
> OK, a few things here:
> The Bitcoin network was designed (or should be designed) with the
> requirement that it can withstand deliberate double-spend attacks that
> can come from anywhere at any time…and relaxing this assumption
> without adequately assessing the risk (i.e. I’ve never been hacked
> before so I can assume it’s safe) is extremely dangerous at best and
> just horrid security practice at worst. Your users might not thank you
> for not getting hacked - but they surely will not like it when you DO
> get hacked…and lack a proper recovery plan.
> Furthermore, the protocol itself makes no assumptions regarding the
> intentions behind someone signing two conflicting transactions. There
> are many potential use cases where doing so could make a lot of sense.
> Had the protocol been designed along the lines of, say,
> tendermint…where signing multiple conflicting blocks results in loss
> of one’s funds…then the protocol itself disincentivizes the behavior
> without requiring any sort of altruistic, moralistic assumptions. That
> would also mean we’d need a different mechanism for the use cases that
> things like RBF address.
> Thirdly, taken to the extreme, the viewpoint of “signing a conflicting
> transaction is fraud and vandalism” means that if for whatever reason
> you attempt to propagate a transaction and nobody mines it for a very
> long time, you’re not entitled to immediately reclaim those funds…they
> must remain in limbo forever.
I'm not talking about changing the protocol - I'm talking about the
business relationships between users of Bitcoin.
I would expect a payment processor to inform the merchants of relevant
double spends that it observes on the network, even if the payment is
actually successful, so that the merchant can decide for themselves
whether or not to pursue it out of band.
Mining is a kind of technical fallback that allows the network to
resolve human misbehavior without human intervention. If nobody ever
attempted to make a fraudulent payment, we wouldn't need mining at all
because the signed transaction itself is proof of intention to pay. That
it exists doesn't suddenly make fraud less fraudulent and mean that
users who are in a position to pursue out of band recourse shouldn't do
I agree that there are valid reasons for replacing transactions in the
mempool, I just think they should be implemented in a way that doesn't
I'd also like to note that "prima facie" doesn't mean "always", it means
that "the default assumption, unless proven otherwise."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the bitcoin-dev