On Wed, Jan 17, 2024 at 05:29:48PM +0000, Michael Folkson via bitcoin-dev wrote: > Hey Luke > > I'd be happy to pick up working on BIP 3 again ([0], [1]) in light of this > issue and others that are repeatedly cropping up (e.g. confusion on the > recommended flow for working on proposed consensus changes, when to open a > pull request to bitcoin-inquisition, when to open a pull request to Core, > when to include/exclude activation params etc). > > I don't think there is much I personally disagree with you on with regards to > BIPs but one issue where I do think there is disagreement is on whether > proposed default policy changes can/should be BIPed. > > I previously drafted this on proposed default policy changes [2]: > > "To address problems such as pinning attacks on Lightning and multiparty > protocols (e.g. vaults) there are and will continue to be draft proposals on > changing the default policy rules in Bitcoin Core and/or alternative > implementations. As these proposals are for default policy rules and **not** > consensus rules there is absolutely no obligation for Bitcoin Core and/or > alternative implementations to change their default policy rules nor users to > run any particular policy rules (default or otherwise). The authors of these > draft proposals are clearly recommending what they think the default policy > rules should be and what policy rules users should run but it is merely a > recommendation. There are a lot of moving parts, subtleties and complexities > involved in designing default policy rules so any recommendation(s) to > significantly upgrade default policy rules would benefit from being subject > to a spec process. This would also aid the review of any policy related pull > requests in Bitcoin Core and/or alternative implementations. An interesting > recent case study washttps://github.com/bitcoin/bitcoin/pull/22665and Bitcoin > Core not implementing the exact wording of BIP 125 RBF. In this case (for > various reasons) as a response Bitcoin Core just removed references to BIP > 125 and started documenting the replacement to BIP 125 rules in the Bitcoin > Core repo instead. However, it is my view that recommendations for default > policy rules should be recommendations to all implementations, reviewed by > Lightning and multiparty protocol developers (not just Bitcoin Core) and > hence they would benefit from being standardized and being subject to a > specification process. I will reiterate once again though that policy rules > are **not** consensus rules. Consensus rules are much closer to an obligation > as divergences from consensus rules risk the user being forked off the > blockchain and could ultimately end up in network splits. This does not apply > to policy rules." > > Are you open to adjusting your stance on proposed policy changes being BIPed? > I do think it really stunts work on proposed default policy changes and > people's ability to follow work on these proposals when the specifications > for them are littered all over the place. I've certainly struggled to follow > the latest state of V3 policy proposals without clear reference points for > the latest state of these proposals e.g. [3]. In addition some proposed > consensus change BIPs are starting to want to include sections on policy > (e.g. BIP345, OP_VAULT [4]) where it would be much better if they could just > refer to a separate policy BIP rather than including proposals for both > policy and consensus in the same BIP.
BIP-125 is I think an interesting case study. It is a much more fundamental standard than Ordinals or Taproot Assets, in the sense that transaction replacement is expected to be used by essentially all wallets as all wallets have to deal with fee-rate fluctuations; I do not think that Ordinals or Taproot assets are appropriate BIP material due to their niche use-case. The V3 proposal, and ephemeral anchors, would be expected to be used by a wide range of contracting protocols, most notably lightning. This isn't quite as broad usage as BIP-124 RBF. But it is close. And yes, Core making changes to what is essentially BIP125 has an impact: just the other day I ran into someone that didn't know RBF Rule #6 existed, which Core added on top of BIP-125, and had made a mistake in their safety analysis of a protocol due to that. Meanwhile, engineering documentation on V3 is extremely lacking, with basics like worked through use-case examples not being available. We don't even have solid agreement let alone documentation on how Lightning channels are meant to use V3 transactions and what the trade-offs are. And that has lead to mistaken claims, such as overstating(1) the benefit V3 transactions in their current form have for transaction pinning. I don't think V3 necessarily needs a formal BIP. But it would benefit from a proper engineering process where use-cases are actually worked out and analyzed properly. Finally, I think the lesson to be learned here is that mempool policy is better served by *living* documentation that gets updated to reflect the real world. There's no easy way for someone to get up to speed on what mempool policy is actually implemented, and more importantly, *why* it is implemented and what trade-offs were made to get there. It's quite possible that this "living documentation" requirement rules out the BIP process. 1) https://petertodd.org/2023/v3-txs-pinning-vulnerability -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
