author Marcel Jamin <marcel@jamin.net> 2017-03-05 07:29:16 +0100
committer bitcoindev <bitcoindev@gnusha.org> 2017-03-05 06:29:19 +0000
commit aed01a0d0a1f287b3ba24b0bec5114c4b47205ad
tree af04958b3960b0d644281ab2952f5a6de30fd266
parent 875833e53a479ebb5e6779c1d439559d0edfc1f5
Re: [bitcoin-dev] Unique node identifiers
-rw-r--r-- 9e/7cae96c697a5a92ef97b01bb81f55cd13eb42d 313
1 files changed, 313 insertions, 0 deletions
diff --git a/9e/7cae96c697a5a92ef97b01bb81f55cd13eb42d b/9e/7cae96c697a5a92ef97b01bb81f55cd13eb42d
new file mode 100644
index 000000000..cbc50b867
--- /dev/null
+++ b/9e/7cae96c697a5a92ef97b01bb81f55cd13eb42d
@@ -0,0 +1,313 @@
+Return-Path: <marcel@jamin.net>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id 1DB501276
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Sun, 5 Mar 2017 06:29:19 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-vk0-f51.google.com (mail-vk0-f51.google.com
+ [209.85.213.51])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0D765AC
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Sun, 5 Mar 2017 06:29:17 +0000 (UTC)
+Received: by mail-vk0-f51.google.com with SMTP id x75so21893739vke.2
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Sat, 04 Mar 2017 22:29:17 -0800 (PST)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=jamin-net.20150623.gappssmtp.com; s=20150623;
+ h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
+ bh=EwQlRpfVkDJRQ/LeHgN3qj2GxslJZLQfXLVibNpO/Wk=;
+ b=FJ38dQiFrbYxmARt0WhG95GgBvsdBMxy4bMykwGHixGyt1UbEZ+FK8t12CjO7HCpoY
+ voDefx2wKbcMvTpULLEEt9o++42AJCRUVVPy0+kXpIF524musN+OtkOu+XL3BqAVR4Li
+ IuBodb9AKBWEv0gbppR5+yOV++r5rZuHKikog3+d37dQxysN6v8nvhXfWG9xEeaj0HxL
+ KfUCrTgZ0Mf5QWdnqSqrI+dyu3d2H/eGMXv/5LEoip1pyENd/feHXlpQRUzfY6brf/yU
+ UXaSUEIKJ1LDpu6vO9I87XnFH4OFou4pPPo2ask9HkgakS9UzINbthYaI7MBQWX4WASP
+ s9ZA==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20161025;
+ h=x-gm-message-state:mime-version:in-reply-to:references:from:date
+ :message-id:subject:to;
+ bh=EwQlRpfVkDJRQ/LeHgN3qj2GxslJZLQfXLVibNpO/Wk=;
+ b=jm7zB5DNNt18Q7K6M4YqdOesyj9NVBaDCjcwF8HUyz9J7IuPTblG0/2LVizOBA894N
+ Y4IdmL/FDCn/yFCb81eWQGFlWmsVoTIe+pk+kEMnVWmS2Qb53rLBdS2EJpmx4g7jbJtR
+ B5soDlAiEQPLVWRfC2gbS964BtvxuWB8eFd5rnUt7zCetYLCZjuEKWYSco0XlfWLpHn/
+ sXvy/gVniC1DQrBWOvYNsXC+Ct+3fgnvLbmG9L+Iq/r51Vwq2VzC/N/OHcAz1hpbI4rN
+ udSeDCKog9HFZgJcPBLedd0xBANrA5KBFeLmHN2yQbgLFcmOQHmx9DcXNZ3OUxfJrGPB
+ UtwA==
+X-Gm-Message-State: AMke39m919wjoq5aIcVFnMyRw+aTHrJteKPIGAL+g4C3Q7kvzxmZNchAkwtsx6NHOOilYbKb1QAd7g2GfQcWsQ==
+X-Received: by 10.31.190.142 with SMTP id o136mr4544889vkf.73.1488695356892;
+ Sat, 04 Mar 2017 22:29:16 -0800 (PST)
+MIME-Version: 1.0
+Received: by 10.103.30.194 with HTTP; Sat, 4 Mar 2017 22:29:16 -0800 (PST)
+In-Reply-To: <BL2PR03MB435C5077E69D91D0A8092B6EE2A0@BL2PR03MB435.namprd03.prod.outlook.com>
+References: <BL2PR03MB435C5077E69D91D0A8092B6EE2A0@BL2PR03MB435.namprd03.prod.outlook.com>
+From: Marcel Jamin <marcel@jamin.net>
+Date: Sun, 5 Mar 2017 07:29:16 +0100
+Message-ID: <CAAUq487S-rvt+fee4961ACyVYaHb=7f2TqppoVO=_WdHfYEExw@mail.gmail.com>
+To: John Hardy <john@seebitcoin.com>,
+ Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: multipart/alternative; boundary=001a1143a674ed3b800549f5e542
+X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+X-Mailman-Approved-At: Sun, 05 Mar 2017 13:12:41 +0000
+Subject: Re: [bitcoin-dev] Unique node identifiers
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Sun, 05 Mar 2017 06:29:19 -0000
+
+--001a1143a674ed3b800549f5e542
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+> This could even come in the form of a Bitcoin address.
+
+Wouldn't this actually *need* to be a bitcoin address that is included in a
+block to get any real assurances about the age if this node id? Otherwise
+malicous nodes could lie and claim to have seen a brand new node id years
+ago already.
+
+Even if included in a block, people could sell their aged IDs (if we were
+to rely on those for anything).
+
+Also funding that ID address would might tie your economic activity (or
+even identity) to a node.
+
+On 4 March 2017 at 17:04, John Hardy via bitcoin-dev <
+bitcoin-dev@lists.linuxfoundation.org> wrote:
+
+> The discussion of UASF got me thinking about whether such a method might
+> lead to sybil attacks, with new nodes created purely to inflate the node
+> count for a particular implementation in an attempt at social engineering=
+.
+>
+> I had an idea for an anonymous, opt-in, unique node identification
+> mechanism to help counter this.
+>
+> This would give every node the opportunity to create a node
+> =E2=80=98address=E2=80=99/unique identifier. This could even come in the =
+form of a Bitcoin
+> address.
+>
+> The node on first installation generates and backs up a private key. The
+> corresponding public key becomes that node=E2=80=99s unique identifier. I=
+f the node
+> switches to a new software version or a new IP, the identifier can remain
+> constant if the node operator chooses.
+>
+> Asking a node for its identifier can be done by sending a message the
+> command =E2=80=98identify=E2=80=99 and a challenge. The node can then res=
+pond with its
+> unique identifier and a signature for the challenge to prove it. The node
+> can also include what software it is running and sign this information so
+> it can be verified as legitimate by third parties.
+>
+> Why would we do this?
+>
+> Well, it adds a small but very useful piece of data when compiling lists
+> of active nodes.
+>
+> Any register of active nodes can have a record of when a node identifier
+> was =E2=80=9Cfirst seen=E2=80=9D, and how many IPs the same identifier ha=
+s broadcast from.
+> Also, crucially, we could see what software the node operator has been se=
+en
+> running historically.
+>
+> This information would make it easy to identify patterns. For example if =
+a
+> huge new group of nodes appeared on the network with no history for their
+> identifier they could likely be dismissed as sybil attacks. If a huge
+> number of nodes that had been reporting as Bitcoin Core for an extended
+> period of time started switching to a rival implementation, this would ad=
+d
+> credibility but not certainty (keys could be traded), that the shift was
+> more organic.
+>
+> This would be trivial to implement, is (to me?) non-controversial, and
+> would give a way for a node to link itself to a pseudo-anonymous identity=
+,
+> but with the freedom to opt-out at any time.
+>
+> Keen to hear any thoughts?
+>
+> Thanks,
+>
+> John Hardy
+>
+> john@seebitcoin.com
+>
+>
+> _______________________________________________
+> bitcoin-dev mailing list
+> bitcoin-dev@lists.linuxfoundation.org
+> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+>
+>
+
+--001a1143a674ed3b800549f5e542
+Content-Type: text/html; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:monospac=
+e,monospace;font-size:small;color:rgb(12,52,61)">&gt;=C2=A0<span style=3D"c=
+olor:rgb(0,0,0);font-family:arial;font-size:14.6667px;white-space:pre-wrap"=
+>This could even come in the form of a Bitcoin address.</span></div><div cl=
+ass=3D"gmail_default" style=3D"font-family:monospace,monospace;font-size:sm=
+all;color:rgb(12,52,61)"><span style=3D"color:rgb(0,0,0);font-family:arial;=
+font-size:14.6667px;white-space:pre-wrap"><br></span></div><div class=3D"gm=
+ail_default" style=3D"font-family:monospace,monospace;font-size:small;color=
+:rgb(12,52,61)"><span style=3D"color:rgb(0,0,0);font-family:arial;font-size=
+:14.6667px;white-space:pre-wrap">Wouldn&#39;t this actually *need* to be a =
+bitcoin address that is included in a block to get any real assurances abou=
+t the age if this node id? Otherwise malicous nodes could lie and claim to =
+have seen a brand new node id years ago already.</span></div><div class=3D"=
+gmail_default" style=3D"font-family:monospace,monospace;font-size:small;col=
+or:rgb(12,52,61)"><span style=3D"color:rgb(0,0,0);font-family:arial;font-si=
+ze:14.6667px;white-space:pre-wrap"><br></span></div><div class=3D"gmail_def=
+ault" style=3D"font-family:monospace,monospace;font-size:small;color:rgb(12=
+,52,61)"><span style=3D"color:rgb(0,0,0);font-family:arial;font-size:14.666=
+7px;white-space:pre-wrap">Even if included in a block, people could sell th=
+eir aged IDs (if we were to rely on those for anything).</span></div><div c=
+lass=3D"gmail_default" style=3D"font-family:monospace,monospace;font-size:s=
+mall;color:rgb(12,52,61)"><span style=3D"color:rgb(0,0,0);font-family:arial=
+;font-size:14.6667px;white-space:pre-wrap"><br></span></div><div class=3D"g=
+mail_default" style=3D"font-family:monospace,monospace;font-size:small;colo=
+r:rgb(12,52,61)"><span style=3D"color:rgb(0,0,0);font-family:arial;font-siz=
+e:14.6667px;white-space:pre-wrap">Also funding that ID address would might =
+tie your economic activity (or even identity) to a node.</span></div></div>=
+<div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On 4 March 2017 a=
+t 17:04, John Hardy via bitcoin-dev <span dir=3D"ltr">&lt;<a href=3D"mailto=
+:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@lists=
+.linuxfoundation.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_qu=
+ote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex=
+">
+
+
+
+
+<div dir=3D"ltr">
+<div id=3D"m_4495502098626100444divtagdefaultwrapper" style=3D"font-size:12=
+pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif" dir=3D"ltr=
+">
+<p><span id=3D"m_4495502098626100444docs-internal-guid-1be5245f-9a0e-19aa-b=
+d44-cdeb0d05121c"></span></p>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">The discussion of UASF got =
+me thinking about whether such
+ a method might lead to sybil attacks, with new nodes created purely to inf=
+late the node count for a particular implementation in an attempt at social=
+ engineering.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">I had an idea for an anonym=
+ous, opt-in, unique node identification
+ mechanism to help counter this.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">This would give every node =
+the opportunity to create a
+ node =E2=80=98address=E2=80=99/unique identifier. This could even come in =
+the form of a Bitcoin address.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">The node on first installat=
+ion generates and backs up
+ a private key. The corresponding public key becomes that node=E2=80=99s un=
+ique identifier. If the node switches to a new software version or a new IP=
+, the identifier can remain constant if the node operator chooses.</span></=
+p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">Asking a node for its ident=
+ifier can be done by sending
+ a message the command =E2=80=98identify=E2=80=99 and a challenge. The node=
+ can then respond with its unique identifier and a signature for the challe=
+nge to prove it. The node can also include what software it is running and =
+sign this information so it can be verified as legitimate
+ by third parties.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">Why would we do this?</span=
+></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">Well, it adds a small but v=
+ery useful piece of data when
+ compiling lists of active nodes.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">Any register of active node=
+s can have a record of when
+ a node identifier was =E2=80=9Cfirst seen=E2=80=9D, and how many IPs the s=
+ame identifier has broadcast from. Also, crucially, we could see what softw=
+are the node operator has been seen running historically.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">This information would make=
+ it easy to identify patterns.
+ For example if a huge new group of nodes appeared on the network with no h=
+istory for their identifier they could likely be dismissed as sybil attacks=
+. If a huge number of nodes that had been reporting as Bitcoin Core for an =
+extended period of time started
+ switching to a rival implementation, this would add credibility but not ce=
+rtainty (keys could be traded), that the shift was more organic.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">This would be trivial to im=
+plement, is (to me?) non-controversial,
+ and would give a way for a node to link itself to a pseudo-anonymous ident=
+ity, but with the freedom to opt-out at any time.</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">Keen to hear any thoughts?<=
+/span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">Thanks,</span></p>
+<br>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap">John Hardy</span></p>
+<p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt">=
+<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
+t;vertical-align:baseline;white-space:pre-wrap"><a href=3D"mailto:john@seeb=
+itcoin.com" target=3D"_blank">john@seebitcoin.com</a></span></p>
+
+<p></p>
+</div>
+</div>
+
+<br>______________________________<wbr>_________________<br>
+bitcoin-dev mailing list<br>
+<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
+<wbr>linuxfoundation.org</a><br>
+<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
+rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
+/mailman/listinfo/bitcoin-<wbr>dev</a><br>
+<br></blockquote></div><br></div>
+
+--001a1143a674ed3b800549f5e542--
+
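Review bot: the second MIME part, from the repeated `--001a1143a674ed3b800549f5e542` boundary with `Content-Type: text/html` down to the closing boundary, repeats the text/plain body word for word, so roughly half of the 313 added lines carry no new content. If the archive is meant to hold each message byte-for-byte as received, that is expected and needs no change; otherwise storing only the text/plain alternative would keep the file smaller and easier to search. Either way, both parts are quoted-printable, so soft line breaks such as `engineering=` followed by `.` on the next line, and sequences like `=E2=80=99`, have to be decoded before the text is indexed or grepped.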