There are usually two different ways you can read what someone has written: assuming they're smart, or assuming they're dumb. You're doing the latter, and it hurts our ability to have a decent conversation when you do that.
I know how digital signatures work, and I understand the difference between "impossible because: crypto" versus "forbidden because: protocol". I just think the explanations need to be better. The things I feel that are not full fleshed out are things that an allegedly smart guy says he thinks are not fully fleshed-out. That's all.
Maybe it's impossible because: crypto to create a bad transaction. I mean, not just something where the signature is wrong, but something where you literally cannot say what account to transfer something into because you don't have the private key? I don't know. That's not specified. I know how this works in POW. I don't know how this works in DPOS. What if I make a bad transaction with a bad signature but a bad witness permits it? I don't know what happens. And that's the thing that I want to know.
You're hand-wavey on exactly the points I want to know about. Rewound? How the hell did that happen?
History is not a perfectly clean line, it's a gigantic tree of transactions, and we hope there's exactly one way to parse this tree into the canonical, linear list of transactions. And hopefully the explanations of how this algorithm works should explain how to do that. I think the problems I have with the explanations are solvable. I have some ideas of how I would do it if I were to make a thing, but I'm reading whitepapers that are purporting to explain the thing, and there are things that aren't explained. If I'm reading the wrong things, then point me to the right ones.
The idea that votes are weighted by activity is nice in terms of someone suddenly trying to instantiate a bunch of accounts all at once to influence a vote, but then it certainly seems dangerous that high-reputation accounts have more influence than normal folk.
Ultimately, from a protocol-perspective, I think the thing that I'm uncomfortable with is that there's only one guy producing a block at one time. It's possible to catch that guy if he does something bad, but I would prefer that the other witnesses prevent that somehow; and that those rules were built-in the protocol. Basically, I'm saying that all 'N' witnesses should try and see what they would think the block should look like, even though only one is authorized to generate the block. And if the generated block seems to be missing some things, or some signatures don't line up the way we presume they ought to, then there should be some kind of defined way to handle that.
RE: Some weaknesses in either the DPOS algorithm or its explanation