Return-Path: Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 89F29C0051 for ; Mon, 24 Aug 2020 20:17:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 7179C87FB5 for ; Mon, 24 Aug 2020 20:17:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sYPJXhxBC8vU for ; Mon, 24 Aug 2020 20:17:19 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by hemlock.osuosl.org (Postfix) with ESMTPS id C12DD87EC0 for ; Mon, 24 Aug 2020 20:17:19 +0000 (UTC) Received: by mail-pj1-f49.google.com with SMTP id 2so16081pjx.5 for ; Mon, 24 Aug 2020 13:17:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=voskuil-org.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=jYcdRRb0SpZdYrjtPEtiUr0ivoKJxMMR+NBMdN5jlCM=; b=caI+VTccrdXktixNaok+/6b+O1LMK/gBl4dO5Gy24aoXO9PcJVE/4V5vu/MbJH5xU9 MRbs5NPjwPB6wJOe9vUKquWSw/6QqQfamQUE+14TlgMEMLHGFogggxgs1QIjQfgc6TlM yUQH6lR2DOyOx/Ixw8o3FYCmRiX3SMkeJzzfNXCPqrNU86JgG+XK+MQUqvft6GlO/Ymd wXG8vKY+ghse28mnv8LWkLUCYOPaZamictsJ07raeURhCnQLcfG4yf3ckGzfXXODkzT8 boY9NO/7UoOFvavksX6Sd4ZpWSa50MkUOlInBRpcw7nwGJyBhb3HtvT95z2wc8hLgQWt ka3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=jYcdRRb0SpZdYrjtPEtiUr0ivoKJxMMR+NBMdN5jlCM=; b=IPBzmTVquoq6ejv3boIkzQc8Q8+1BiBjboYZ0oSpVTBdHIzDhwx/VN2BxFz32bqsHU VyVkxC7rqEw9hBDrHcv0mQAvFILcMmEfUNjexnTCyfPQdm7HR/QTQqdcXo8RcWUhKNws MSFQBnfARzGUx8Zs0M6aOjx3AVUd0/MLHgGvGw099A0gDSXbpBfLh+VHxJuJ1aZhNlAY PtSd+RpjTV4DqSj+MX6b41jfO5fsxcuFq083i2kFx+ZkXQgJbo/uePu7+mFV8pZ/k9FT Ce3OoW6eb2ZPu4nwbONBtKNBxo0KeAm9CULQr7QUjMCLSQkqWSCaBvflxiI9/WUV2gFT 7Qgg== X-Gm-Message-State: AOAM53254p/Chw8dCpSMCksHme6F+0DRrzb0YLqjqiKqcNq6yVY0/JiZ lAGa4dfb3UTPSRao9ltaZPlTbg== X-Google-Smtp-Source: ABdhPJwYmhjS261Q45DoDvI9FKVOwi2JICq1FFDgzXhmzhuHkzVCr7IzWXseTe1frYq0mn1wlyKKuw== X-Received: by 2002:a17:90a:bd15:: with SMTP id y21mr770887pjr.144.1598300239128; Mon, 24 Aug 2020 13:17:19 -0700 (PDT) Received: from ?IPv6:2600:380:705e:6b65:8d01:1dee:2537:4ab1? ([2600:380:705e:6b65:8d01:1dee:2537:4ab1]) by smtp.gmail.com with ESMTPSA id m7sm8219200pfm.31.2020.08.24.13.17.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Aug 2020 13:17:18 -0700 (PDT) Content-Type: multipart/alternative; boundary=Apple-Mail-C0F4CCDF-6ED9-4B16-93C9-2A2BEE501AA9 Content-Transfer-Encoding: 7bit From: Eric Voskuil Mime-Version: 1.0 (1.0) Date: Mon, 24 Aug 2020 13:17:17 -0700 Message-Id: <5B76307E-9810-49F1-8289-E0F0E84ACD72@voskuil.org> References: In-Reply-To: To: Jeremy X-Mailer: iPhone Mail (17G80) X-Mailman-Approved-At: Mon, 24 Aug 2020 20:21:17 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Generalizing feature negotiation when new p2p connections are setup X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2020 20:17:21 -0000 --Apple-Mail-C0F4CCDF-6ED9-4B16-93C9-2A2BEE501AA9 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I said security, not privacy. You are in fact exposing the feature to any no= de that wants to negotiate for it. if you don=E2=80=99t want to expose the b= uggy feature, then disable it. Otherwise you cannot prevent peers from acces= sing it. Presumably peers prefer the new feature if they support it, so ther= e is no need for this complexity. e > On Aug 24, 2020, at 12:59, Jeremy wrote: >=20 > =EF=BB=BF >>=20 >> >> On 8/21/20 5:17 PM, Jeremy wrote: >> >> As for an example of where you'd want multi-round, you could imagine a= scenario where you have a feature A which gets bugfixed by the introduction= of feature B, and you don't want to expose that you support A unless you fi= rst negotiate B. Or if you can negotiate B you should never expose A, but fo= r old nodes you'll still do it if B is unknown to them. >>=20 >> This seems to imply a security benefit (I can=E2=80=99t discern any other= rationale for this complexity). It should be clear that this is no more tha= n trivially weak obfuscation and not worth complicating the protocol to achi= eve. >=20 >=20 > The benefit is not privacy oriented and I didn't intend to imply as such. T= he benefit is that you may only wish to expose functionality to peers which s= upport some other set of features. For example, with wtxid relay, I might wa= nt to expose some additional functionality after establishing my peer suppor= ts it, that peers which do not have wtxid relay should not be allowed to use= . The benefit over just exposing all functions is then a node might be progr= ammed to support the new feature but not wtxid relay, which can lead to some= incompatibilities. >=20 > You cannot implement this logic as a purely post-hoc "advertise all and th= en figure out what is allowed" because then you require strict consistency b= etween peers of that post-hoc feature availability implication map. --Apple-Mail-C0F4CCDF-6ED9-4B16-93C9-2A2BEE501AA9 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
I said security, not priva= cy. You are in fact exposing the feature to any node that wants to negotiate= for it. if you don=E2=80=99t want to expose the buggy feature, then disable= it. Otherwise you cannot prevent peers from accessing it. Presumably peers p= refer the new feature if they support it, so there is no need for this compl= exity.

e

On Aug 24, 2020, at 12:59, Jeremy <jlru= bin@mit.edu> wrote:

<= div dir=3D"ltr">=EF=BB=BF

>> On 8/21/20 5:17 PM, Jeremy wrote:
>> As for an example of where you'd want multi-round, you could imagin= e a scenario where you have a feature A which gets bugfixed by the introduct= ion of feature B, and you don't want to expose that you support A unless you= first negotiate B. Or if you can negotiate B you should never expose A, but= for old nodes you'll still do it if B is unknown to them.

This seems to imply a security benefit (I can=E2=80=99t discern any other ra= tionale for this complexity). It should be clear that this is no more than t= rivially weak obfuscation and not worth complicating the protocol to achieve= .

The benefit is not privacy oriented and I didn't intend to imply as such= . The benefit is that you may only wish to expose functionality to peers whi= ch support some other set of features. For example, with wtxid relay, I migh= t want to expose some additional functionality after establishing my peer su= pports it, that peers which do not have wtxid relay should not be allowed to= use. The benefit over just exposing all functions is then a node might be p= rogrammed to support the new feature but not wtxid relay, which can lead to s= ome incompatibilities.

You cannot implement this logic as a purely= post-hoc "advertise all and then figure out what is allowed" because then y= ou require strict consistency between peers of that post-hoc feature availab= ility implication map.
= --Apple-Mail-C0F4CCDF-6ED9-4B16-93C9-2A2BEE501AA9--