Bitcoin Forum

http://bitcoinmedia.com/the-truth-behind-bip-16-and-17/

Now I am not usually posting (spamming) Bitcoin Media stories on the forum, but I feel this is an important read. All the posts I've seen thus far are by partisan supporters of either scheme with no objectivity. They've also been highly technical in their language whereas here I've put mucho effort to make it readable and understandable for non-bitcoin developers.

Other developers disagree with giving this information away and feel like you as users should trust their judgement. I strongly disagree. I'd rather people have a say in such fundamental matters such as this, even if it makes the developer's lives harder because they have to explain their decisions thoroughly.

My worry is bitcoin someday becomes corrupted. Developers: see this extra scrutiny as an opportunity to build a culture of openness. It is not at all bad.

A minor issue is that old clients will not propagate CHV payments. The old clients will accept blocks with CHV payments, but they will not pass them onto other nodes in the network. This is not a problem as transaction propagation speed is usually far quicker than confirmation speed (especially with 6 confirms or more).

http://bitcoinmedia.com/the-truth-behind-bip-16-and-17/

I wonder why rush to deploy such extremally dangereous changes
without months of torturing testing on the testnet ??

I mean BOTH proposals (16 and 17).

Gavin created a bot that makes BIP17 testing impossible on the testnet.

I'm concerned about lukejr continuing to work on bitcoin after he proved his is an untrustworthy individual. He abused the people using his pool. And they want to continue to let him change the bitcoin code? I tell you what as a business owner, I would say fuck that shit. ANd really I am going to make sure as many business owners as possible who are considering bitcoin know who helps program it. And let them decide with full information that they have to trust something produced by a person who proved that they could not be trusted.

Both (especially BIP16, sorry Gavin) sound like complete hacks.

You are kidding, right ?

Luke has had to test BIP 17 on the main network instead of testnet because I wrote a BIP-17-stealing robot and ran it on testnet

The risk is loosing the entire bitcoin market. The return is a better blockchain.

 How to make the transition with the least amount of disruption.

Imo that would be doing neither.

Exactly. There's no urgency, so I really don't understand why the urgency to ram through a proposal with any risk attached with the excuse that nothing will get done otherwise? Gavin?

Exactly. There's no urgency, so I really don't understand why the urgency to ram through a proposal with any risk attached with the excuse that nothing will get done otherwise? Gavin?

What is the added value beyond shorter addresses for complex transactions? Because I don't see that as very important.

P2SH provides a way to hide these SIGOPs from Satoshi’s rule to allow a newer more precise method for counting them to be developed.

(...)

P2SH does not solve this issue, but it buys more time.

Rather than introducing a new paradigm of executing a piece of data on the stack upon recognising a particular script schema, CHV (BIP 0017) uses an existing operation that seemed to be included for this purpose by Satoshi: CODESEPARATOR.

CHV’s disadvantage over P2SH is nodes will accept any transactions spending an output as valid. To old clients it looks like a transaction that is spendable by anybody while P2SH requires the hashed data.

Summarising:

• P2SH introduces a complexity-inducing solution to a tough problem.
• CHV introduces a new operation code. Unexpected combinations of opcodes have been a problem in the past.
• Remain where we are with all of bitcoin’s imperfections and problems. Use 70+ character addresses for multiple person transactions instead of 20 character ones.

Gavin created a bot that makes BIP17 testing impossible on the testnet.

Gavin created a bot that makes BIP17 testing impossible on the testnet.

I'm concerned about lukejr continuing to work on bitcoin after he proved his is an untrustworthy individual. He abused the people using his pool. And they want to continue to let him change the bitcoin code? I tell you what as a business owner, I would say fuck that shit. ANd really I am going to make sure as many business owners as possible who are considering bitcoin know who helps program it. And let them decide with full information that they have to trust something produced by a person who proved that they could not be trusted.

When I set the deadline, I had no idea Luke would:
  a) Decide that a bugfix 0.5.2 release was a good idea. I thought the minor bugfixes weren't worth taking the time to make a release but arguing with Luke is like arguing with a brick wall, so I went "meh, whatever."

 b) Propose BIP 17 and go on a war against BIP 16.

Yes, Gavin created a bot that exploits a differential weakness of BIP17 vs BIP16. This was pretty helpful as luke was insisting there was no difference, and this let us feel out how the difference actually mattered.

@gmaxwell the pressure was created by Gavin and Luke, in the first place, with not so accurate statements, personal attacks and a close deadline ahead. Now you only see the waves coming back.

The same bot could be created to steal BIP16 transactions instead.

Please show me a statement made by Gavin which is inaccurate or a personal attack.

The whole characterization of Luke vs Gavin is nonsense to begin with. BIP16 arose out of combining a half dozen proposals, it was a _consensus_ proposal. At the regular development meeting that produced it no one was objecting to it at the end (partially no one because Luke had to leave early, before he left he indicated that he would only support it if some language about deprecating non-BIP16 transactions was added to the BIP).

just look around you will find some of Gavin's threads. I'm into in the loop with you guys, dev team, so my opinions are based on what was made public on the forum lately.

What is this?

If you're going to slander like that you at least owe the participants here a link to a specific message/a quote.

I think what you're saying is untrue and unfounded but if you go around and repeat it as a fact people who, unlike me, haven't read almost all the discussion are going going to believe it.

I think it's unfortunate that both Tycho and Genjix are both spreading overt misinformation here in order to create controversy.  (Tycho making insane claims that testing BIP17 is impossible, Genjix with falsely describing this as a "vote", claiming that people don't want you to know about this open and widely discussed matter, the over the top subject line)

The kind of hysteria being promoted here is a very big disincentive to contributing technically to bitcoin. I encourage everyone to be patient and thoughtful and recognize that bitcoin can not survive if people with powerful media presences are able to disrupt development and exhaust the developers at will.  Discussion is great, but consider whos interest panic is well aligned with: Certainly not the interest of the Bitcoin using community. Don't let your emotions be manipulated.

21:31 < genjix> gmaxwell, roconnor: i'm putting this out tomorrow if you want to give some thoughts on this: http://privatepaste.com/c8b40edb00
21:31 < occulta> also that wiki is very old, relating to client 0.3 *
21:31 < BlueMatt> "minimum TX fee for new transactions reduced to 0.0005 BTC."
21:31 < BlueMatt> its still true
21:31 < genjix> whether it captures the entirety of the EVAL, P2SH, CHV discussion
21:32 < gmaxwell> genjix: ugh. that makes me feel sick. Representing it as a vote is simply misleading.
21:32 < gmaxwell> It's not that kind of 'vote'.
21:32 < genjix> what would you call it then?
21:32 < gmaxwell> I give up.
21:32 < genjix> it basically is, and this is informing the voters to ensure they make a better decision
21:33 < gmaxwell> This process is all broken.
21:33 < gmaxwell> No, it's pissing all over the walls.
21:34 < gmaxwell> genjix: The reason for the coinbase tags is _NOT_ to conduct a vote (if it were, I suppose the software would also tally the result) but simply because there needs to be a hash power measurement because the new rules are only safe if the majority of all future hashpower enforces them.
21:34 < gmaxwell> genjix: there is also no way this is going active on Feb 15th now. So the representation of that is creating false urgency. Though I suppose its up to gavin to announce moving that back.
21:35 < gmaxwell> genjix: you're also characterizing this as gavin vs luke, which is a complete load of rubbish.
21:35 < Joric> are there any pure-python parsers for berkeley db? my google skills are failing me
21:35 < Joric> or at least format documentation
21:36 < BlueMatt> bdb parsers are impossibly hard to find
21:36 < genjix> i asked for feedback to write a better article and you're simply attacking me
21:36 < Joric> yeah )
21:36 < BlueMatt> there may be a bdb wrapper
21:36 < genjix> Joric: pybsbdb
21:36 < Joric> want to get rid of bsddb dependency, gae doesn't have it
21:36 < genjix> it is a good bdb wrapper
21:36 < BlueMatt> genjix: his feedback is that there should be no article
21:36 < BlueMatt> (and I agree)
21:37 < genjix> yes let the mere users fester in ignorance
21:37 < gmaxwell> genjix: sorry. This whole "dispute" thing has basically pushed my interest in contributing to bitcoin technically negative.
21:37 < Joric> etotheipi_, do you need pure python bdb parser aswell?
21:37 -!- graingert [~graingert@unaffiliated/graingert] has joined #bitcoin-dev
21:37 < genjix> i'm only trying to inform people how bitcoin works (if you look at my past articles)
21:38 < gmaxwell> And I'm irate because I feel like I've invested time in something that now has net negative return (it stresses me out). I shouldn't be taking that out on you.
21:38 < Diablo-D3> [04:35:13] <gmaxwell> genjix: you're also characterizing this as gavin vs luke, which is a complete load of rubbish.
21:38 < Diablo-D3> yes really
21:38 < Diablo-D3> because if there was some sort of cage match between the two
21:38 < Diablo-D3> gavin would be going in dry.
21:38  * BlueMatt suggests you leave authors out of the article
21:38 < gmaxwell> genjix: explaining what the P2SH stuff does is fantastic. People seemed to like it when I explained it in #bitcoin-mining the other day.
21:38 < BlueMatt> (as its irrelevant)
21:39 -!- Ahimoth_ [~Ahimoth@75.80.19.176] has joined #bitcoin-dev
21:39 -!- Ahimoth [~Ahimoth@75.80.19.176] has quit [Disconnected by services]
21:39 -!- Ahimoth_ is now known as Ahimoth
21:39 < gmaxwell> genjix: inviting people into taking positions over technical minutia which they won't be qualified to really have an opinion on without a lot more understanding than you can put into the article... meh.
21:40 < BlueMatt> esp when their opinion wont have any effect on the outcome aside from making the pissing match bigger
21:40 < gmaxwell> BlueMatt: exactly.
21:40 < BlueMatt> (kinda doubt any will switch pools)
21:40 -!- wirehead [~a@154.5.144.145] has quit [Ping timeout: 260 seconds]
21:41 < gmaxwell> The solution to this needs to be consensus of the interested and compentent. Not a bigger dispute decided by whomever can convince more people to come to their side.
21:41 < genjix> i'd rather people have a say in the matter even if it makes life tougher for developers to explain their decisions.
21:41 -!- erle- [~m@g225119098.adsl.alicedsl.de] has joined #bitcoin-dev
21:41 < gmaxwell> The latter case has no winners.
21:41 < genjix> these kinds of decisions should always be deliberately difficult and hard
21:41 < BlueMatt> what?
21:41 < BlueMatt> we should make all of our decisions harder?
21:42 < genjix> no big decisions to the protocol or system
21:42 < genjix> implementation decisions - fine.
21:42 < BlueMatt> but we should make the big decisions harder on ourselves?
21:42 < gmaxwell> genjix: So what, some statemen with a prominant website gets people all upset over their half understandings of some technical details and they go against the decisions of the people who are actually spending time to work on the software? You know what the outcome of that is? The people working on it _leave_, and the only people left to make additions are the people who are either too clueless or lazy to contribute now, and luke.
21:43 < BlueMatt> by making the decisions into huge pissing matches where politics takes on more importance than technical arguments?
21:43 < genjix> umm hello?
21:43 < genjix> it's already that way
21:43 < gmaxwell> genjix: when we had the discussion about what would become BIP16 the discussion ended without anyone objecting to that decision. (except luke, who'd left early)
21:44 < genjix> sure. but i feel a bit apprehensive about telling our users this is how it will be, you have no say and then giving them the finger
21:44 < BlueMatt> if they feel like really getting involved, great
21:44 < BlueMatt> they can come in here and chat, and post on the forum
21:45 < BlueMatt> s/forum/mailing list/
21:45 < gmaxwell> genjix: your article is also full of factual errors. For example, the maximum recusion depth was always part of OP_EVAL. roconnor's important contribution was realizing that the implementation was buggy and the limit didn't work.
21:45 < BlueMatt> (freudian slip)
21:45 < gmaxwell> genjix: I don't think any user would be opposed to P2SH as it is— when I explained it in bitcoin-mining the other day people were very excited about it.
21:46 < gmaxwell> genjix: the reason to oppose it is just the risk of unknown bugs— a very important concern, but not one that causual users are qualified to reason about, unfortunately.
21:47 -!- graingert [~graingert@unaffiliated/graingert] has quit [Remote host closed the connection]
21:47 < gmaxwell> genjix: if you think this needs to be delayed in order to address that, then great— but where is the plan that converts extra time into extra software quality?
21:47 < genjix> i dont have a viewpoint on this.
21:47 < genjix> if p2sh, chv or none comes along then i'll implement them.
21:47 < BlueMatt> so why are you encouraging others to make one?
21:48 -!- b4epoche_ [~textual@dssl.mne.psu.edu] has joined #bitcoin-dev
21:48 < genjix> my experience is in software architecture not protocols, so i'm not commenting
21:48 -!- b4epoche [~textual@dssl.mne.psu.edu] has quit [Read error: Operation timed out]
21:48 -!- b4epoche_ is now known as b4epoche
21:48 < genjix> BlueMatt: because i like people to have choice and freedom
21:48 < genjix> it is not harmful to give people choice or information
21:49 < BlueMatt> they do, if they actually want to come and reason about the issues, there is always someone here to discuss with
21:49 < BlueMatt> but they dont have choice
21:49 < BlueMatt> and unless they all switch to p2pool overnight, they wont get one
21:50 -!- shazooun [~shazooun@70-90-104-13-ma-ne.hfc.comcastbusiness.net] has quit [Ping timeout: 245 seconds]
21:50 < gmaxwell> genjix: there can't be choice and freedom without understanding. People don't bother even switching pools when their pools cost them money.
21:51 -!- shazooun [~shazooun@70-90-104-13-ma-ne.hfc.comcastbusiness.net] has joined #bitcoin-dev
21:51 < genjix> my worry is someday bitcoin becomes corrupted. see this extra scrutiny as an opportunity to build a culture of openness
21:51 < genjix> it is not at all bad.
21:51 < tcatm> it's not so much about having a choice but discovering "the best" way to implement more complex transactions types...
21:51 < gmaxwell> genjix: if you're concerned about the ecosystem why aren't you out there figuring out why people are paying 110%-115% PPS for secret mining projects? and telling the people who are contributing who don't currently know where their hash power is going.
21:52 < genjix> gmaxwell: i am writing an article on that
21:52 < gmaxwell> Oh. :)
21:52 < roconnor> genjix: s/Both BIP 0017 and BIP 0018 are/Both BIP 0016 and BIP 0017 are/
21:52 < genjix> but i have never mined a block so a lot of this is news to me.
21:52 < roconnor> PPS?
21:52 < genjix> like proportional mining being a scam and understanding the various statistical measures.
21:53 < gmaxwell> roconnor: pay per share.
21:53 < genjix> pay per share
21:53 < genjix> thanks roconnor
21:53 < gmaxwell> roconnor: people are being given a signficant premium on mining above the expected rewards, with ~zero payout variance.
21:54 < roconnor> gmaxwell: paid it bitcoin?
21:54 < roconnor> *in
21:54 < gmaxwell> roconnor: yes. If it were paid in USD it would be completely sensible.
21:54 < gmaxwell> roconnor: paid in bitcoin daily too.
21:55 < roconnor> that doesn't sound sustainable
21:55 < gmaxwell> roconnor: if it were being used to promote a new mining pool, for example, it would also be sensible... but this is for private projects with no published hash rates, so it doesn't have promotional value.
21:56 < BlueMatt> gmaxwell: link?
21:56 < gmaxwell> My best theory is that they're doing something useful with merged mining, next best is that they've got some idiot money laundering scheme (e.g. give miners dirty silkroad coins), worst outcome is that it's for some idiot attack. :(
21:57 < gmaxwell> BlueMatt: https://bitcointalk.org/index.php?topic=54467.0
21:57 < gmaxwell> https://bitcointalk.org/index.php?topic=61117.0
21:57 < gmaxwell> https://bitcointalk.org/index.php?topic=55819.0 (A meta service to aggregate these offers into a bidding market)
21:57 < gmaxwell> https://bitcointalk.org/index.php?topic=61570.0
21:58 < BlueMatt> now thats just weird
21:58 < gmaxwell> There are more... there are at least a half dozen people doing this all of a sudden.
21:58 -!- wirehead [~a@154.5.144.145] has joined #bitcoin-dev
21:58 < roconnor> gmaxwell: I don't really see how it could be used to launder money
21:59 < gmaxwell> roconnor: I said idiot for a reason! :)
21:59 < roconnor> ah
21:59 < BTC_Bear> gmaxwell: quick question as to this:
21:59 < BTC_Bear> the checkpoints are there to keep from overtaking the blockchain, or at least it is a side benefit. gmaxwell would know more than I. But I believe, I am correct.
22:00 < roconnor> BTC_Bear: it is there to stop DOS attacks by sending you long but low work chains.
22:00 < gmaxwell> BTC_Bear: nah, not really— the checkpoints do that as a side effect but they're so far back that you couldn't realistically overtake even with a good multiple of the hash power for a short window.
22:00 < CIA-97> bitcoin: jedi95 * rec8af03cfdf7 Phoenix-Miner/minerutil/RPCProtocol.py: Fixed expire= for X-Roll-Ntime http://tinyurl.com/7xwchtb
22:00 < BTC_Bear> thanx
22:00 < gmaxwell> what roconnor said, they avoid some stupid DOS attacks.
22:00 < JFK911> where can I get 115%
22:01 < gmaxwell> I guess the risk of a new checkpoint being set does discourage someone from working in secret on a very long overtaking fork, but thats also some speculative side benefit.
22:01 < BlueMatt> as a sidenote, we need a new checkpoint for 0.6
22:02 < BlueMatt> s/for/before/
22:04 -!- dr_win [~dr_win@147.32.31.193] has joined #bitcoin-dev
22:06 < roconnor> genjix: gavin knew about the looping behaviour in OP_EVAL well before december.
22:06 < roconnor> genjix: the maximum iteration code was there from the beginning
22:06 < genjix> roconnor: i've corrected that

I think you did a great service to our community with your effort that you put into your article, so thank you very much!

Normal people don't read "from git" as "latest code" even if it is technically true. Just sayin'.

I am not sure what has changed since this time and

To risk permanent harm to the system...

And the blockchain bloat? That almost seems like a distraction. Complex transactions are going to take up extra space in the blockchain; arguing over where and when the bloat occurs seems pretty academic too.

Ultimately we seem to be fracturing the community (and potentially the blockchain!) just for the sake of convenience. If complex transactions require 70-character addresses, then so be it. To risk permanent harm to the system to avoid them just seems short-sighted.

There is no risk of permanent harm.

These BIPs would reduce the size of unspent transactions, no matter how complex, to the lowest safe size.

Agreed!
Besides the split of the chain...

...  No it's not a mistake.  P2SH _prevents_ needing long addresses.

Lets unpack the acronym "pay to script _hash_".  Hashes only need to
be 128-256 bits in size or so to have acceptable security, so you
don't need something longer than that for paying to a hash.

Note that gavin is saying 70 characters, not bytes.

Without some form of P2SH then only way for you to make a personal
choice of asking people to pay to a two-factor protected account or
two a multiparty trust that manages the finances of an organization
is using some form of "P2S", pay-to-script.

In other words, you'd have to have an address that encodes a full
script specification for the sender to pay to,  instead of just
encoding its hash.  As a result these addresses would be much longer
(and potentially very long).

The minimum size of a two address involving encoded script would be on
that order, but they get bigger quite quickly if you add more options
to the script (actually 70 sounds quite small, it should be more like
100 for a minimum two pubkey script).

In addition to the unworkability of very long addresses as described
by gavin (amusingly I am unable to copy and paste the quoted example
in one go) a P2S solution has several problems which you might
consider more or less important:


(1) They are highly vulnerable to invisible substitution.  E.g. I can
trivially take a P2S address, change one or two characters and get a
script which is redeemable by anyone.  With P2SH you have to do
computation which is exponential in the number of unchanged digits to
get a look alike address.

(2) The sender is fully responsible for fees related to the enlarged
transactions. Even if _you're_ willing to take the txn-processing time
and fee burden of a 30 person joint trust address,  random e-commerce
sites will not be and will randomly reject your addresses.

(3) They create another input vector for non-trivial data which must
be inspected and validated, potentially presenting an attack surface.

(4) They leave the complicated (long) release rules in the transaction
outputs.  When a transaction is mined we can't be sure if it will ever
be redeemed. The outputs are unprunable.   In a future world where
many nodes prune output space is far more important than input space
and it would make sense to require more fees for it because we're
never sure how long it would need to be stored (making it an
attractive target for someone who wants to make Bitcoin unusable by
spamming it with worthless data).  P2SH reduces output sizes to the
absolute minimum without inflating the total data size.

never understood why that would happen, the bips just move the large script from the output to the input
unspent blocks have both
inputs of unspent transacions can be pruned? (afaik pruning is actually not supported by the client)
I thought the merkle tree contained hashes of transaction and not hashes of separate inputs/outputs...

(the connecting tree isn't relevant, because you've already validated the transactions for yourself, you don't need to continually prove to yourself that you weren't lying to yourself)

it becomes relevant if you add it to the default client.
then everyone will remove the inputs, and new clients downloading the blockchain will have trouble finding a record they can validate.

then everyone will remove the inputs, and new clients downloading the blockchain will have trouble finding a record they can validate.

the way i see it, if you decided to keep the blockchain - you should never prune so it cant be validated. if you don't want to keep it, you can delete all of the blocks right after validation and just keep a signed (by yourself) copy of unspent transactions.

There is no risk of permanent harm.

And, at the same time, there's nothing stopping anyone from implementing both.  It's conceivable someone could create a client that did the validation for both BIP-16 and BIP-17.  Miners could also validate both style transactions.  Since they are both designed to be backward compatible, they will all be recognized as legitimate transactions by the whole network if they get into a block (even if not all clients relay them).  The downside of course is that if you create either a BIP-16 or BIP-17 style transaction and the majority of mining power isn't doing the full validation, you run the risk of losing your coins to theft.

You forget that completed transactions can be pruned. They can and will be deleted by many miners after the bitcoins are spent further. Unspent bitcoins can not. They are kept by all miners forever. These BIPs would reduce the size of unspent transactions, no matter how complex, to the lowest safe size. It is not merely academic. It is significant.

I think the real question is, how long on average will coins sent via complex transactions remain unspent? If the intention is for most transactions in the future to become complex (which I'm seeing hints of, and if so, I'd love to be pointed to where this is actually discussed openly,) then I see your point, but I don't see that that as a given.

The expectation that many in the future would be 'complex' because all two-factor wallets transactions would be complex.  I'd certainly encourage typical users to go this route.

But it's also not the entirely right question to ask here, because the chain doesn't just carry earnest transactions.  If someone wants to DOS attack bitcoin to make it unusable or ruin its decentralization, they'll use the cheapest method available to add the most immortal data to the blockchain. By reducing the amount of potentially immortal data needed in normal financial transactions we reduce that attack, because it is either easily distinguishable from normal transactions (thus subject to higher fees), or isn't as much data.

23:32 < gmaxwell> luke-jr: perhaps because you're in charge of 400GH of other people's hash power you're happy to say that a coinbase tally is the right way to determine support, but I don't think thats good for bitcoin.
23:34 < gmaxwell> If miners were to force this by simple majority of hashing power, but the community opposed it — we'd call that a 50% attack.

This isn't true.  Yes, Gavin created a bot that exploits a differential weakness of BIP17 vs BIP16. This was pretty helpful as luke was insisting there was no difference, and this let us feel out how the difference actually mattered.

For context: makomk is the creator of CoiledCoin, a bitcoin alternative:
  https://bitcointalk.org/index.php?topic=56675

Michael Marquardt (theymos) suggests compiling a list of everyone intimate with the bitcoin protocol to invite to a two-week email discussion. After those two-weeks a vote is taken. It will be the job of the champions of each idea (BIP 16, BIP 17 and no change) to win over the committee into supporting them. If an idea has necessary support, bitcoin clients will be programmed to apply the new rules for 3 months in the future.

My stance:

http://bitcoinmedia.com/cathartic-progress/

Michael Marquardt (theymos) suggests compiling a list of everyone intimate with the bitcoin protocol to invite to a two-week email discussion. After those two-weeks a vote is taken. It will be the job of the champions of each idea (BIP 16, BIP 17 and no change) to win over the committee into supporting them. If an idea has necessary support, bitcoin clients will be programmed to apply the new rules for 3 months in the future.

My stance:

http://bitcoinmedia.com/cathartic-progress/

Michael Marquardt (theymos) suggests compiling a list of everyone intimate with the bitcoin protocol to invite to a two-week email discussion. After those two-weeks a vote is taken. It will be the job of the champions of each idea (BIP 16, BIP 17 and no change) to win over the committee into supporting them. If an idea has necessary support, bitcoin clients will be programmed to apply the new rules for 3 months in the future.

Huge addresses can make difficult to read QR codes. They become harder to scan with a camera phone and even print clearly.

As do huge URLs. People would just use a shortener, as I suggested on my post above yours.

That is the problem... it takes up extra space in the chain... where the sender pays the fees; not the spender.

And transaction fees are and will remain very cheap to the end user for several years yet. People actually argue they will remain low forever, and that the main financing to mining will come from other sources. Even if that's not the case, there's plenty of time to do this calmly.

Huge addresses are not a major problem. If people can get along with huge URLs, there's no reason to believe they would be lost with large addresses. Even if an address is thousands of chars long, shortening services could come along and provide a short URL that you can put into those QR codes again.

But still, big addresses and transaction fees are not that big of a problem to provoke all this rush and heated discussions.

If we don't fix it soon, it will never get fixed. And it needs to get fixed because it will be an enormous problem several years from now. Proper scrutiny and testing is certainly necessary- but these changes are urgent.

Protocol changes are early or never. And never is very very bad.

Huge addresses can make difficult to read QR codes. They become harder to scan with a camera phone and even print clearly. Just an added observation.

I think it's important.  An address doesn't have to be a hash of anything…an address could be the entire script that you want someone to send coins to.  However, that would be rather unwieldy and there has been considerable investment in the notion of a bitcoin address being a relatively short thing.  Both investment in terms of software and investment in terms of people learning and understanding bitcoin.  To start passed around very long addresses would be rather confusing I think.  It also has the drawback of revealing more about the destination script than is necessary.

P2SH is the way that bitcoin should have been designed from the beginning IMO.  Outputs of transactions (scriptPubKey) should have always been just a hash and the validation always been that a script hashes to that value and executes successfully.  Using long addresses would be moving in the wrong direction in my opinion.

But RFID tags will most likely be a good competitor to QR codes as NFC becomes standard in smart phones, no?

Am I right in my understanding of the issue if I think that the problem arises from trying to implement P2SH and keeping backwards compatibility? If P2SH had been the way bitcoin works from the beginning then it would be fine, but since we now have an "old" block chain to think about the solutions become hackish?

This would still be the data one would need to copy and paste. They would still be called "Bitcoin addresses" by everyone except perhaps the developers themselves. They should be as short as possible. Also, all of that data is necessarily going to be stored in the blockchain- much of it forever and ever.

Yes, this is my impression. The fact that we have an old blockchain isn't the problem- it is guaranteeing that enough people upgrade.

It is already cryptographically possible to have two or more devices each have access to a portion of a private key, and be able to combine these portions to spend funds in such a way that no device gains access to any more of the private key than it already had, correct?

* Disclaimer: I don't think that BIP17 is better than BIP16. Both are ugly hacks. I will support one only if most other miners will.

AIUI, no.

RE: 2_Thumbs_Up

That new 'genesis block' would be just as big as the current pruned blockchain, so there is no point in doing it that way. Luckily there is no need: clean and simple P2SH would be easy to do with the current blockchain and transactions. The only challenge would be, apparently, the network-wide upgrade process.

Remove all of this fluff from a pruned block chain, make a "regenesis" block consisting of nothing but unspent outputs, and I bet it's less than a third the size of even a pruned block chain, and less than a tenth or twentieth the size of our current chain (a disparity that increases toward infinity as bitcoin is used - by 2013, this disparity might quadruple).