diff options
author | Jonas Schnelli <dev@jonasschnelli.ch> | 2016-06-09 08:57:29 +0200 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2016-06-09 06:57:36 +0000 |
commit | 8d29063cd7a0b22df679b65f16e38c616d26fd5d (patch) | |
tree | b724c9da3ec8b0f399f280b47e54ab2da45f1dde | |
parent | a00a21b772dcaaf3186ba490ac980c5f6ce0813d (diff) | |
download | pi-bitcoindev-8d29063cd7a0b22df679b65f16e38c616d26fd5d.tar.gz pi-bitcoindev-8d29063cd7a0b22df679b65f16e38c616d26fd5d.zip |
Re: [bitcoin-dev] BIP 151 MITM
-rw-r--r-- | 1c/73e7789554cf160177b90325a956a7350f37eb | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/1c/73e7789554cf160177b90325a956a7350f37eb b/1c/73e7789554cf160177b90325a956a7350f37eb new file mode 100644 index 000000000..35f101d83 --- /dev/null +++ b/1c/73e7789554cf160177b90325a956a7350f37eb @@ -0,0 +1,124 @@ +Return-Path: <dev@jonasschnelli.ch> +Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org + [172.17.192.35]) + by mail.linuxfoundation.org (Postfix) with ESMTPS id 09C346C + for <bitcoin-dev@lists.linuxfoundation.org>; + Thu, 9 Jun 2016 06:57:36 +0000 (UTC) +X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 +Received: from server3 (server3.include7.ch [144.76.194.38]) + by smtp1.linuxfoundation.org (Postfix) with ESMTP id B01F613B + for <bitcoin-dev@lists.linuxfoundation.org>; + Thu, 9 Jun 2016 06:57:34 +0000 (UTC) +Received: by server3 (Postfix, from userid 115) + id 4F1F62E60545; Thu, 9 Jun 2016 08:57:33 +0200 (CEST) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + smtp1.linux-foundation.org +X-Spam-Level: +X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, FSL_HELO_NON_FQDN_1 + autolearn=ham version=3.3.1 +Received: from Jonass-MacBook-Pro-2.local (cable-static-140-182.teleport.ch + [87.102.140.182]) by server3 (Postfix) with ESMTPSA id 85F1D2D003BE + for <bitcoin-dev@lists.linuxfoundation.org>; + Thu, 9 Jun 2016 08:57:32 +0200 (CEST) +To: bitcoin-dev@lists.linuxfoundation.org +References: <20160608234728.GQ32334@dosf1.alfie.wtf> + <CAAS2fgTtu8nqwgrO1u8SRuga6ozcYt7NEDR_tv+cuA3uqgtKvA@mail.gmail.com> + <20160609014259.GT32334@dosf1.alfie.wtf> +From: Jonas Schnelli <dev@jonasschnelli.ch> +Message-ID: <57591359.4050607@jonasschnelli.ch> +Date: Thu, 9 Jun 2016 08:57:29 +0200 +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) + Gecko/20100101 Thunderbird/38.7.2 +MIME-Version: 1.0 +In-Reply-To: <20160609014259.GT32334@dosf1.alfie.wtf> +Content-Type: multipart/signed; micalg=pgp-sha256; + protocol="application/pgp-signature"; + boundary="fS1qbn8bfdss4oS3cRF3HTOIS1RNhSlsi" +Subject: Re: [bitcoin-dev] BIP 151 MITM +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.12 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Thu, 09 Jun 2016 06:57:36 -0000 + +This is an OpenPGP/MIME signed message (RFC 4880 and 3156) +--fS1qbn8bfdss4oS3cRF3HTOIS1RNhSlsi +Content-Type: multipart/mixed; boundary="qSRNXs7ik6QbD2j3BUjHUtO9Q5efArpwa" +From: Jonas Schnelli <dev@jonasschnelli.ch> +To: bitcoin-dev@lists.linuxfoundation.org +Message-ID: <57591359.4050607@jonasschnelli.ch> +Subject: Re: [bitcoin-dev] BIP 151 MITM +References: <20160608234728.GQ32334@dosf1.alfie.wtf> + <CAAS2fgTtu8nqwgrO1u8SRuga6ozcYt7NEDR_tv+cuA3uqgtKvA@mail.gmail.com> + <20160609014259.GT32334@dosf1.alfie.wtf> +In-Reply-To: <20160609014259.GT32334@dosf1.alfie.wtf> + +--qSRNXs7ik6QbD2j3BUjHUtO9Q5efArpwa +Content-Type: text/plain; charset=windows-1252 +Content-Transfer-Encoding: quoted-printable + +Hi + +> On Thu, Jun 09, 2016 at 01:24:09AM +0000, Gregory Maxwell wrote: +>> Reduction to plaintext isn't an interesting attack vector for an activ= +e +>> attacker: they can simply impersonate the remote side. +>> +>> This is addressed via authentication, where available, which is done b= +y a +>> separate specification that builds on this one. +>=20 +> Are there any links to discussions on how authentication may be done? + +I'm currently working on the Auth-BIP which is not worth reviewing it +right now (I will post it to the mailing list once it has been reached a +stable level where it can be discusses). + +If you can't wait, here is the current work: +https://github.com/jonasschnelli/bips/blob/35d7e382cdd6955ff42726c3d06c44= +e33f61ae52/bip-undef-0.mediawiki + + +Most recent MITM/auth discussion (there where plenty of discussions on +IRC about this topic): +https://botbot.me/freenode/bitcoin-core-dev/2016-04-04/?msg=3D63463826&pa= +ge=3D3 + + +</jonas> + + +--qSRNXs7ik6QbD2j3BUjHUtO9Q5efArpwa-- + +--fS1qbn8bfdss4oS3cRF3HTOIS1RNhSlsi +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAEBCAAGBQJXWRNZAAoJECnUvLZBb1PsmLQP/iIpjnYgQL7q0BEToEh6BYWH +thz2P5UwKT+/2ZhC79e3vdC4LfP4iNJ8Ap19SaVydfADajtjSP2jA3RvD4XYkDYc +iSGdsLU/tBXlbWK2rBxPXrTkoLmt94tJC52O+4AZRnfUMtgN/YDzCuw5xgfw/sxc +0uHBQFVhVhbZ7ZPegmfCIKIxA5spNZu+34M6igJoV9nmqFC5/v5LsPDdzClXDU2k +wLukATtST+UAWiErZ4dVG/ckIwZyxo15kdpkl+9qBxlz9BCSwvRN9g35PAdkHPDk +j6PnHzO1AuXBFBI/oATMrYvjIztMrkQjauv/bYc1YK9+vPY9bAp8F31Ez9YYTTFn +hJm07UON7FXn5wgrx2UcR+UbXlmIEuCbGTQR79k44lrv8FWq1rzD/5yuW6EOlA/K +vhPeaifs1+zjG14PxOMQVZCfdy5PGDR17Xhcr7OFNZt9YEQiscpweTfJAD+PTpHn +ru1NowGEKfdDiLAHHaIRLe4hHTdknt5O/81f6/MxpqxktJ+M5GY6q11hX5mohkC6 +PZieEa3jZc8CL+tfgGLL1qclnUhzjO49yf8KLkKeHst4nCakLPW1X8OzmyJO8aYw +L6/BTS5MpTNyVlYCgyN0yeEOnS5UvHmXVFNrnUlAbgZAhJgRTGyHpWDuprBzdga3 +BVx/3Xib0Wl7oarnEvuM +=l2Zx +-----END PGP SIGNATURE----- + +--fS1qbn8bfdss4oS3cRF3HTOIS1RNhSlsi-- + |