From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 7624190 for ; Sun, 1 Nov 2015 03:23:27 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ozlabs.org (ozlabs.org [103.22.144.67]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 8801BEE for ; Sun, 1 Nov 2015 03:23:26 +0000 (UTC) Received: by ozlabs.org (Postfix, from userid 1011) id 61AB1140778; Sun, 1 Nov 2015 14:23:23 +1100 (AEDT) From: Rusty Russell To: Gavin Andresen , Bitcoin Dev In-Reply-To: References: User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu) Date: Sat, 31 Oct 2015 14:13:13 +1030 Message-ID: <8737wrwvn2.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_40, DATE_IN_PAST_12_24, RCVD_IN_DNSWL_MED, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Compatibility requirements for hard or soft forks X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Nov 2015 03:23:27 -0000 Gavin Andresen via bitcoin-dev writes: > Should it be a requirement that ANY one-megabyte transaction that is valid > under the existing rules also be valid under new rules? > > Pro: There could be expensive-to-validate transactions created and given a > lockTime in the future stored somewhere safe. Their owners may have no > other way of spending the funds (they might have thrown away the private > keys), and changing validation rules to be more strict so that those > transactions are invalid would be an unacceptable confiscation of funds. Not just lockTime; potentially any tx locked away in a safe. Consider low-S enforcement: high chance a non-expert user will be unable to spend an old transaction. They need to compromise their privacy and/or spend time and money. A milder "confiscation" but a more likely one. By that benchmark, we should aim for "reasonable certainty". A transaction which would never have been generated by any known software is the minimum bar. Adding "...which would have to be deliberately stupid with many redundant OP_CHECKSIG etc" surpasses it. The only extra safeguard I can think of is clear, widespread notification of the change. Cheers, Rusty.