The root cause of this disagreement is that I don't perceive Bitcoin as robust in the face of a decent DoS attacker, and other people do.
If someone does starts filling up the memory pool with bloated garbage transactions without padding? Then what? You say "oh it's more expensive", yes, but it's a long way from impossible isn't it? Especially given that once some exchange starts offering legal short selling you can much more easily turn such attacks into profit. "Thousands of dollars in fees" is hardly a big deal given the amounts at play in the current market.
Seems to me your advice for someone deciding if it's worth installing security screens on their windows in a high-crime area is "Why bother? All the thieves have to do is rent an excavator."
The security of Bitcoin itself is a matter of cost-vs-reward, the 51% attack, so we should ensure the cheapest way to attack Bitcoin remains via the extremely expensive 51% attack.
Why didn't I write a better patch? Maybe if we'd taken a few more days then I'd have done so, or suggested a different approach, but because of the "zomg vulnerability" approach the one we have now got checked in and released as fast as possible leaving no time for such things.
I see you would have rather Peter done nothing and let an actual attack on mainnet continue.
I'm glad we didn't put you in charge of the defense of the island of Britain back in WWII.
Besides, like I said, Bitcoin still has lots of ways to DoS it. I wrote one last night just to prove a point, that's how easy it is. There actually was an anti-DoS check on that codepath but it doesn't work.
So are you going to report the issue so someone can fix it? Or are you just making up bullshit?
I've already explained multiple times how to do this properly. If you didn't see it that's not because I didn't do it. Everyone knows what I think needs to be done. I don't ever bring it up except when other people are talking about "vulnerabilities" because obviously, I'm not currently rewriting the bitcoind anti-DoS architecture, I have other things on my plate.
I remember from your tx-replacement debacle your "solution" was to rate-limit replacements, thereby making the replacement feature useless until the attacker gave up. Meanwhile you aren't willing to accept taking fees into account to allow legit users to get their replacements prioritized, and in general you even advocate that we do away with fees in general.
You also didn't answer Peter's question about what limited resource you would like to see SPV clients spend so that a DoS-ing attacker can be distinguished from legit users.