Several years ago I tried to maintain this position at a bitdevs meeting (not that I am one who addresses such meetings, but such was the opinion I expressed from the audience chair I inhabited). I recall a number of sage bitcoiners who I respect disagreed with me strongly.
They reminded me of the several kinds of transactions that are a threat to the network and that some transactions that might just cause unnecessary messes.
As a helpful reminder about this today, BitMex Research was kind enough to produce an excellent article on one particular kind of valid yet harmful transaction (#1456633). tl;dr - someone could craft a valid transaction that takes more than 3 minutes to validate. This could be used by a miner to try to gain an advantage over others.
There definitely are good reasons to not relay every valid transaction: Denial of Service vectors.
For example the Dust-Limit.
Or take a look at RBF. We wouldn't want to let someone flood our nodes with hundreds of tiny fee increments:
// Rule #4: The new transaction must pay for its own bandwidth. Otherwise, we have a DoS // vector where attackers can cause a transaction to be replaced (and relayed) repeatedly by // increasing the fee by tiny amounts.Source: https://github.com/bitcoin/bitcoin/blob/4169e72d9ed6320251feea821eb7c047793a50bc/src/policy/rbf.cpp#L114-L123
I agree with him that fee minimums are the main policy node runners have immediate self-interest in enforcing.
I disagree that relay policy is otherwise absolutely useless. It is one of few ways to communicate to neutrally intended parties what the network doesn't like (and miners should be rejecting ... hopefully). imo Policy is relatively useless when compared to consensus, but not absolutely useless.
If we want to remove relay policy entirely, I'd prefer:
I suppose that bip 110 is a (pretty crappy) attempt at no 2.
I agree that if we are going to have a concept of standardness, then we probably ought to just make block validation rules match. Of course it's easy to say, probably nigh impossible to do.
But the bigger problem I see is that it is a permissionless network. If some random other people come up with weird ways to use nonstandard transactions, we find ourselves in a weird position of needing to abandon the neutrality of the protocol. We have to tell the ordinals people "it's permissionless, but you can't do what you are doing." This seems like a terrible outcome.
I agree. I'm not advocating for a permissioned bitcoin. I'm saying what I think is true: relay policy is a (crappy) signaling mechanism. It's a signaling mechanism for things we all don't like (like validation complexity bugs) and it's also a signaling mechanism for things only some of us don't like. Relay policy is good enough that parties with neutral or good intent will take heed of it, while it does not protect us from bad actors much or at all.
Bitcoin is not permissionless all over. Bitcoin is a tyranny of consensus. Consensus defines what is permitted, and only within those dynamic bounds, is it permissionless. If consensus changes, what is permitted changes, but those were the rules of bitcoin's rules all along. So perhaps it's best to avoid saying bitcoin is permissionless without being clear about what we mean.
Personally, I do like the "who" vs. "what" framing. Bitcoin doesn't care who (and we should keep it that way), but it may care about what (and it always has, to some degree or another).
Yes, that's a clean way of saying this. It still takes longer to click for me than I'd like, but maybe there's no better way of saying it.
I keep wanting to find a thermodynamics metaphor for this but can't seem to. At least, come up with one that isn't as kludgy.
This is pretty good, but I need to think about it some. Also I need not to be sleepy.
Doesn't it make sense to see it as two layers of policy? Consensus is the policy that we are all forced to agree on else we're on different protocols. Relay policy is an individual choice of what consensus valid transactions to relay or not relay. By definition, nodes are free to choose this (if they weren't free, it'd be a consensus layer policy right?)
So is the question better framed as whether a node should (as opposed to could) relay these potentially harmful transactions?
Personally if I'm a node I think I'd choose to filter out transactions known to be harmful to the network
I prefer to make the distinction between rules about what can be included in a valid block and rules about what my node relays.
I understand Voskuil to be saying that the rules about what can be included in a valid block are essential, while the rules about what unconfirmed transactions you will relay are inconsequential.
Unless I'm willing to fork off, it is the case that I must at least validate (and possibly store for some time) every transaction in every valid block -- whether I like them or not.
Now, how do I learn about new blocks and the transactions they contain? well, my grug brain says that I hope there are other nodes out there who will tell me about them. And this grug in me will extend this to say, I should tell other people about these valid blocks, too. Do unto others is pretty good advice, I think.
So as far as valid blocks and the transactions they contain, I see a difference. Nodes that pick and choose what to relay among confirmed transactions would be not very good peers.
This seems like a fundamentally different thing than choosing to relay unconfirmed transactions or not. Any given unconfirmed transaction might not ever make it into a block. There doesn't seem to be a fork risk to refusing to relay unconfirmed transactions or not. And I think you can still be a good peer if you don't relay any unconfirmed transactions at all but do relay transactions in valid blocks.
Of course, people should feel free to run whatever policy they want on their nodes, but the only rules that actually matter are about what can be included in a valid block.
I'm not asking about could or should; I'm asking whether it actually matters.
matters to whom and for what though?
Yes. I had to think about this for a while.
To whom: does any given policy actually matter for a noderunner's ability to interact with the network?
For what: does any given policy help us achieve a peer to peer digital cash that is permissionless?
Perhaps the addendum to each is: better than what is already laid out by block validation rules.
Oh. What @k00b said, then.
https://twiiit.com/evoskuil/status/2034333393614155895