The root cause of this disagreement is that I don't perceive Bitcoin as robust in the face of a decent DoS attacker, and other people do.

If someone does starts filling up the memory pool with bloated garbage transactions without padding? Then what? You say "oh it's more expensive", yes, but it's a long way from impossible isn't it? Especially given that once some exchange starts offering legal short selling you can much more easily turn such attacks into profit. "Thousands of dollars in fees" is hardly a big deal given the amounts at play in the current market.

Why didn't I write a better patch? Maybe if we'd taken a few more days then I'd have done so, or suggested a different approach, but because of the "zomg vulnerability" approach the one we have now got checked in and released as fast as possible leaving no time for such things.

Besides, like I said, Bitcoin still has lots of ways to DoS it. I wrote one last night just to prove a point, that's how easy it is. There actually was an anti-DoS check on that codepath but it doesn't work. So, ultimately these sorts of patches aren't a big deal. If I thought Bitcoin was really hard to DoS except for that one minor oversight then I'd probably have taken a different approach. Unfortunately that robustness won't be there until a systematic approach is taken to it.


I've already explained multiple times how to do this properly. If you didn't see it that's not because I didn't do it. Everyone knows what I think needs to be done. I don't ever bring it up except when other people are talking about "vulnerabilities" because obviously, I'm not currently rewriting the bitcoind anti-DoS architecture, I have other things on my plate.