Ripple CTO Emeritus David “JoelKatz” Schwartz has pushed back hard on claims that the XRP Ledger (XRPL) is effectively centralized — sparking a technical debate over what “control” and “permissioned” actually mean for a ledger that relies on curated validator lists instead of Proof-of-Work or Proof-of-Stake.
What kicked it off
Justin Bons, founder and CIO of Cyber Capital, argued in a broad thread urging the industry to “reject all centralized ‘blockchains’” that networks such as Ripple, Canton, Stellar, Hedera, and Algorand have permissioned or semi-permissioned elements. His XRPL-specific claim: because many XRPL nodes rely on a published Unique Node List (UNL), “any divergence from this centrally published list would cause a fork,” concentrating power in whoever publishes that list. Bons framed this as a binary: “either fully permissionless or it is not,” and warned that partial permissioning is a deal breaker — particularly if banks and incumbents prefer controlled environments while “crypto natives” build permissionless systems.
Schwartz’s rebuttal: votes, not oracles
Schwartz called Bons’ notion of “absolute power & control” on XRPL “objectively nonsensical,” arguing the mechanics differ materially from PoW systems. His key point: XRPL validators are votes, not oracles that can force nodes to accept malicious state changes. An individual dishonest validator is just one disagreeing vote; honest nodes count votes and will not accept a double-spend or censorship solely because a validator says so.
He acknowledged a real failure mode, but reframed it: colluding validators could halt progress from the perspective of honest nodes — a liveness problem akin to a dishonest-majority attack — yet they would not be able to steal funds or create double-spends. The remedy, he said, is changing the UNL (analogous to changing a mining algorithm in BTC if miners colluded).
On censorship and empirical evidence
Schwartz also leaned on empirical comparisons, asserting that transaction discrimination, reordering, and censorship occur in BTC and ETH, while — in his view — XRPL has never seen that kind of behavior and it’s hard to imagine how it would occur on XRPL as designed.
How XRPL consensus works (Schwartz’s view)
Schwartz outlined XRPL’s consensus as fast “live consensus” rounds (roughly every five seconds) where validators vote on whether a transaction should be included now or deferred. The critical requirement is agreement on whether a transaction was seen before a cutoff, not blind trust in a validator. He argued the UNL exists for two pragmatic reasons:
- To stop attackers from spawning unlimited validators (Sybil-style) and forcing undue work.
- To prevent validators from passively refusing to participate in a way that makes consensus unanalyzable.
He emphasized that validators can’t force a node to apply rules it doesn’t have coded, and that there is no governance-style control baked into the UNL beyond coordinating feature activation.
Back-and-forth on the stakes
Bons responded that even without direct theft, majority influence can enable double-spends or censorship — the same kind of threat as a majority miner in BTC — and suggested they take the debate to a live podcast. Schwartz rejected an equivalence in mechanics, reiterating that nodes independently count agreeing validators and will not accept malicious history just because validators say so.
An unusual admission about design choices
Schwartz closed with a candid rationale: XRPL’s architecture was intentionally built to limit Ripple’s ability to comply with external demands to censor. “We carefully and intentionally designed XRPL so that we could not control it,” he wrote, noting Ripple must still honor U.S. court orders and cannot ignore them. He added an incentive argument: even if Ripple had the technical ability to censor or double-spend, using it would destroy trust and therefore destroy the network’s utility — so the safest approach is to design the system such that the entity cannot perform the requested censorship.
Price note
At press time, XRP was trading at $1.3766.
Bottom line
The exchange highlights a recurring debate in crypto: what counts as “permissioned” or “centralized” depends a lot on system mechanics and failure modes. Bons offered a strict, binary standard for permissionlessness; Schwartz countered with a nuanced defense of XRPL’s vote-based consensus, arguing that curated validator lists are a practical compromise to prevent Sybil attacks and ensure measurable participation — not a backdoor for absolute control.
Read more AI-generated news on: undefined/news
