Replacements are not pointless. You need to have the combination of timelocked transactions and replacement to ensure security in some cases. Look again at the example I gave above. For the wireless access example, if you don't do replacements, then you cannot sell access:
- User makes a transaction of 10 BTC to a 2-of-2 output with the access point. He sends the hash of this transaction to the AP, which then creates a tx that spends the given output back to the user and signs it.
- User gives tx 1 to the AP which broadcasts it, thus locking in the money.
- The AP and user co-operate to re-sign versions of the second transaction in which the balance between the AP's output and the user's output is the amount to pay. Because it's just a signature and there's no need to broadcast/wait, the value can be rapidly adjusted, like for every kilobyte of data transferred.
- To be secure this scheme must create the transactions timelocked and use sequence numbers so each adjustment to the value of the contract has a higher version number. Otherwise the user can broadcast the initial payment tx (the one when they hadn't bought much/any bandwidth) before the trade is finalized, thus taking back their money and leaving the AP out of pocket.
Is it clearer now? With replacements the AP doesn't have to worry about the latter scenario. If the user broadcasts the initial payment tx even after payments of greater value were signed, it just broadcasts the last transaction it saw, which overrides the user's broadcast. The time locking gives a window in which there is time for the network to be presented with newer versions of the same transaction.
The output of the setup TX should require *both* parties' signatures to spend. The user can't broadcast anything himself. Rather, every so often, the user makes a new TX spending that output, splitting it between himself and the provider. These are not updates; they are separate TX that happen to all spend the same output in different ways. The user signs them and then sends to the provider. Again, the user can't broadcast them because they lack the provider's sig.
Now the provider just maintains the user-signed TX giving him the most money (the most recent one). When he's ready, the provider takes the most favorable TX he's seen, adds his sig, and then broadcasts.
Unless the provider decides to hold the deposit for ransom by refusing to sign and broadcast until the client pays 50% of the remaining balance...
In Mike's scenario, the client retains control of his money until he has proof that his deposit will be returned.
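A toy model of the timelock-plus-sequence replacement rule discussed in this thread, added here as an illustration and not taken from any poster or from Bitcoin's code. The `Tx` and `ToyMempool` names, the lock height and the amounts are constructed assumptions; signatures are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    spends: str      # outpoint being spent (the 2-of-2 setup output)
    sequence: int    # version counter; a higher value means a newer version
    lock_time: int   # block height before which the tx cannot be mined
    to_user: int     # amount returned to the user
    to_ap: int       # amount paid to the access point

class ToyMempool:
    """Constructed model: one pending spend per outpoint until lock_time."""
    def __init__(self, replacement=True):
        self.replacement = replacement
        self.pending = {}
        self.height = 0

    def broadcast(self, tx):
        cur = self.pending.get(tx.spends)
        if cur is None:
            self.pending[tx.spends] = tx
            return True
        # Replacement: while still time-locked, a higher sequence number wins.
        still_locked = self.height < cur.lock_time
        if self.replacement and still_locked and tx.sequence > cur.sequence:
            self.pending[tx.spends] = tx
            return True
        return False  # stale version, or first-seen policy without replacement

    def mine_until(self, height):
        self.height = height
        return {o: t for o, t in self.pending.items() if t.lock_time <= height}

def settle(replacement):
    """Return what the AP receives when the user broadcasts a stale version."""
    deposit, lock = 1000, 100  # constructed sample values
    # Versions co-signed as bandwidth is consumed; payment to the AP only grows.
    versions = [Tx("setup:0", seq, lock, deposit - paid, paid)
                for seq, paid in enumerate([0, 250, 500, 750])]
    pool = ToyMempool(replacement)
    pool.broadcast(versions[0])    # user broadcasts the initial (refund) version
    pool.broadcast(versions[-1])   # AP answers with the latest version it holds
    return pool.mine_until(lock)["setup:0"].to_ap

if __name__ == "__main__":
    print("AP receives with replacement:   ", settle(True))
    print("AP receives without replacement:", settle(False))
```
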