public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Troy Benjegerdes <hozer@hozed.org>
To: Adam Gibson <ekaggata@gmail.com>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4
Date: Thu, 19 Feb 2015 02:56:04 -0600	[thread overview]
Message-ID: <20150219085604.GT14804@nl.grid.coop> (raw)
In-Reply-To: <54E11248.6090401@gmail.com>

On Sun, Feb 15, 2015 at 11:40:24PM +0200, Adam Gibson wrote:
> 
> 
> On 02/15/2015 11:25 PM, Troy Benjegerdes wrote:
> > 
> > Most money/payment systems include some method to reverse or undo 
> > payments made in error. In these systems, the longer settlement
> > times you mention below are a feature, not a bug, and give more
> > time for a human to react to errors and system failures.
> > 
> 
> Settlement has to be final somewhere. That is the whole point of it.
> Transfer costs in current electronic payment systems are a direct
> consequence of their non-finality. That's the point Satoshi was making
> in the introduction to the whitepaper: "With the possibility of
> reversal, the need for trust spreads".

The problem with that statement is I trust a merchant that I went into
a store and made a payment with personally more than I trust the firmware
on my hard drive [1].

The attack surface of devices in your computer is huge. A motivated attacker
just needs to get an intern into a company that makes some kind of component
or system that's in your computer, cloud server, hardware wallet, or what 
have you that has firmware capable of reading your private keys.

With the possibility of mass trojaned hardware, if we are going to trust 
the system, it must somehow allow reversal through a human-in-the-loop.
 
> There is nothing wrong with having reversible mechanisms built on top
> of Bitcoin, and indeed it makes sense for most activity to happen at
> those higher layers. It's easy to build things that way, but
> impossible to build them the other way: you can't build a
> non-reversible layer on top of a reversible layer.

We built 'reliable' TCP on top of unreliable ethernet networks. My experience
with networking was if you tried to guarantee message delivery at the lowest
level, the system got exceedingly complicated, expensive, and brittle.

Most applications, in particular paying someone you already trust, are quite
happy running on reversible systems, and in some cases more reliable and 
lower risk. (carrying non-reversible cash is generally considered risky)

The problem is that if the base currency is assumed to be non-reversible, 
then it's brittle and becomes 'too big to fail'.

Where the blockchain improves on everything else is in transparency. If you
reverse transactions a lot, it will be obvious from an analysis. I would much
rather deal with a known, predictable, and relatively continous transaction
reversal rate (percentage) than have to deal with sudden failures where 
some anonymous bad actor makes off with a fortune.

We already have zero-conf double-spend transaction reversal, why not explicitly
extend that a little in a way that senders and receivers have a choice to 
use it, or not?


[1] http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216



  reply	other threads:[~2015-02-19  8:56 UTC|newest]

Thread overview: 79+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-12  6:47 [Bitcoin-development] replace-by-fee v0.10.0rc4 Peter Todd
2015-02-12  7:23 ` Tamas Blummer
2015-02-12  7:45   ` Peter Todd
2015-02-12  8:27     ` Tamas Blummer
2015-02-12  8:49       ` Peter Todd
2015-02-12  9:01         ` Tamas Blummer
2015-02-15 20:51       ` Troy Benjegerdes
2015-02-12  8:16   ` Alex Mizrahi
2015-02-12 11:58 ` Mike Hearn
2015-02-12 12:23   ` Natanael
2015-02-12 12:49     ` Mike Hearn
2015-02-12 13:02       ` Natanael
2015-02-12 13:44         ` Mike Hearn
2015-02-12 14:36           ` Natanael
2015-02-12 14:53             ` Mike Hearn
2015-02-12 15:20               ` Natanael
2015-02-12 15:30                 ` Justus Ranvier
2015-02-12 13:36       ` Oleg Andreev
2015-02-12 12:52   ` Alex Mizrahi
2015-02-12 13:18     ` Mike Hearn
2015-02-12 13:45       ` Alex Mizrahi
2015-02-12 13:52         ` Mike Hearn
2015-02-12 14:04       ` Tamas Blummer
2015-02-12 14:16         ` Mike Hearn
2015-02-12 14:25           ` Tamas Blummer
2015-02-12 23:08             ` Tom Harding
2015-02-12 14:32       ` Alex Mizrahi
2015-02-12 15:15         ` Mike Hearn
2015-02-12 15:32           ` Natanael
2015-02-12 15:42             ` Mike Hearn
2015-02-12 15:54               ` Natanael
2015-02-12 16:57           ` Btc Drak
2015-02-12 17:24             ` Oleg Andreev
2015-02-12 18:11               ` Justus Ranvier
2015-02-12 18:37                 ` Allen Piscitello
2015-02-12 19:15                   ` Alan Reiner
2015-02-12 19:34                     ` Justus Ranvier
2015-02-12 19:45                       ` Peter Todd
2015-02-12 19:49                         ` Justus Ranvier
2015-02-12 19:47                       ` Allen Piscitello
2015-02-12 19:52                         ` Justus Ranvier
2015-02-12 20:02                           ` Natanael
2015-02-12 20:36                           ` Allen Piscitello
2015-02-14 14:47                             ` Ross Nicoll
2015-02-12 20:06                     ` Peter Todd
2015-02-12 19:49       ` Gregory Maxwell
2015-02-12 20:18         ` Peter Todd
2015-02-13 11:34         ` Mike Hearn
2015-02-12 12:54   ` Tamas Blummer
2015-02-12 14:42   ` Alex Mizrahi
2015-02-12 15:27   ` Jeff Garzik
2015-02-15 21:25     ` Troy Benjegerdes
2015-02-15 21:40       ` Adam Gibson
2015-02-19  8:56         ` Troy Benjegerdes [this message]
2015-02-21 19:09           ` Jorge Timón
2015-02-21 20:30             ` Mark Friedenbach
2015-02-21 22:47               ` Jeff Garzik
2015-02-22  1:15                 ` Peter Todd
2015-02-22  3:25                 ` Jorge Timón
2015-02-22  4:06                   ` Jeff Garzik
2015-02-22 11:41                     ` Eric Lombrozo
2015-02-22 12:06                       ` Eric Lombrozo
2015-02-22 13:41                         ` Eric Lombrozo
2015-02-22 13:53                           ` Peter Todd
2015-02-22 23:29                             ` Eric Lombrozo
2015-02-24  1:11                               ` Jeff Garzik
2015-03-01 17:59                         ` Troy Benjegerdes
2015-03-01 19:05                           ` Neil Fincham
2015-03-01 17:44                 ` Troy Benjegerdes
2015-02-12 16:15   ` Lawrence Nahum
2015-02-12 18:14 ` Tom Harding
2015-02-12 21:40 ` Josh Lehan
2015-02-22 16:36 ` Tom Harding
2015-02-22 17:12   ` Peter Todd
2015-02-22 19:25     ` Tom Harding
2015-02-22 21:50       ` Peter Todd
2015-05-04  4:36 ` [Bitcoin-development] New release of replace-by-fee for Bitcoin Core v0.10.1 Peter Todd
2015-05-05  2:23   ` Kevin Greene
2015-05-23 18:26   ` [Bitcoin-development] Replace-by-fee v0.10.2 - Serious DoS attack fixed! - Also novel variants of existing attacks w/ Bitcoin XT and Android Bitcoin Wallet Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150219085604.GT14804@nl.grid.coop \
    --to=hozer@hozed.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=ekaggata@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox