Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XJydl-000825-Kx for bitcoin-development@lists.sourceforge.net; Wed, 20 Aug 2014 05:40:57 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.178 as permitted sender) client-ip=209.85.212.178; envelope-from=da2ce7@gmail.com; helo=mail-wi0-f178.google.com; Received: from mail-wi0-f178.google.com ([209.85.212.178]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XJydk-0007Og-4I for bitcoin-development@lists.sourceforge.net; Wed, 20 Aug 2014 05:40:57 +0000 Received: by mail-wi0-f178.google.com with SMTP id hi2so6331710wib.11 for ; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.180.187.20 with SMTP id fo20mr4761306wic.58.1408513249889; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) Received: by 10.194.48.51 with HTTP; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) Received: by 10.194.48.51 with HTTP; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) In-Reply-To: References: Date: Wed, 20 Aug 2014 07:40:49 +0200 Message-ID: From: Cameron Garnham To: Un Ix Content-Type: multipart/alternative; boundary=001a11c38366ebd3b20501090b01 X-Spam-Score: -0.1 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (da2ce7[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (da2ce7[at]gmail.com) 1.0 HTML_MESSAGE BODY: HTML included in message 0.3 HTML_FONT_FACE_BAD BODY: HTML font face is not a word -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XJydk-0007Og-4I Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Proposal: Encrypt bitcoin messages X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Aug 2014 05:40:57 -0000 --001a11c38366ebd3b20501090b01 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable We should aim to use perfect forward secrecy between all nodes by default. This forces the attacker to do a MITM attack that is far more expensive on the large scale. I don't see why this is seen as so controversial. It is relatively cheap to implement on our side, and has a dramatic increase of cost for any attackers. Cam. On 20/08/2014 5:49 am, "Un Ix" wrote: > Excuse the ignorance, but there is something I=E2=80=99m not getting in = this > discussion. > > Given it=E2=80=99s a published protocol, with available source code runni= ng on an > open P2P network, why would any messages between nodes benefit from being > encrypted? Surely all the data being processed by the network is known to > any persistent client node(s)? > > Seems like that solution is orthogonal to the root problem, where > attackers could monitor the network and deduce IP addresses by e.g. mappi= ng > senders of transactions. > > *From:* Peter Todd > *Sent:* =E2=80=8EWednesday=E2=80=8E, =E2=80=8EAugust=E2=80=8E =E2=80=8E20= =E2=80=8E, =E2=80=8E2014 =E2=80=8E9=E2=80=8E:=E2=80=8E28=E2=80=8E =E2=80=8E= AM > *To:* William Yager , > bitcoin-development@lists.sourceforge.net > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > > On 19 August 2014 21:19:43 GMT-04:00, William Yager > wrote: > >On Tue, Aug 19, 2014 at 8:14 PM, Peter Todd wrote: > >> In any case, my suggestion of enabling hidden service support by > >default > >> adds both encryption and reasonably good authentication. > > > > > >Enabling hidden service support by default would introduce an insanely > >huge > >attack surface. > > Hence my suggestion of separating that surface by using the standalone To= r > binary, which runs under a different user to the Bitcoin Core binary. > > >And you're conflating two different things; using Tor is valuable to > >Bitcoin because it would provide some anonymity. The encryption aspect > >is > >pretty much useless for us. > > First of all, without encryption we're leaking significant amounts of > information to any passive attacker trying to trace the origin of Bitcoin > transactions, a significant privacy risk. > > Secondly the upcoming v0.10's fee estimation implementation is quite > vulnerable to Sybil attacks. Authentication and encryption are needed to > make it secure from ISP-level targeting to ensure that your view of the > network is representative. Tor support used in parallel with native > connection is ideal here, as neither the Tor network nor your ISP alone c= an > Sybil attack you. It's notable that Bitcoinj has already implemented Tor > support for these same reasons. > -----BEGIN PGP SIGNATURE----- > Version: APG v1.1.1 > > iQFQBAEBCAA6BQJT8/mSMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8 > cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhRZjCAC4PSpQ68qgtFMR77xf > zXZLr/iMKX6yyJwXRj+vGi+0Ng/sv9NlYjYnDeflom37WlpGo/sCOFcVWImhnS2d > kUFoUH92iXwRuEt/SN/LrHghkLWOxtVu9wa49eS/piGZFF3JWllk82MgdBZ6vjNw > B6WuInEIurK+h8rUbAi2HjFkxVN0K0SsrFt/P0tHj10ABcMealBRoJh2Jx7fLNdS > uTKddqeLyThEpLGNti3k+lhwQ2dA5RUBq6q3GUS/hWvTHRnU+viGMJSYv62LXRN5 > t87BXRY/R9UBpnudf3TIlPtOuIWcv2LhlXVjvbDDQqwJkvB3Qf4ejE3RZ28S5IUr > OBQH > =3DGy7X > -----END PGP SIGNATURE----- > > > > -------------------------------------------------------------------------= ----- > Slashdot TV. > Video for Nerds. Stuff that matters. > http://tv.slashdot.org/ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > -------------------------------------------------------------------------= ----- > Slashdot TV. > Video for Nerds. Stuff that matters. > http://tv.slashdot.org/ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --001a11c38366ebd3b20501090b01 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


We should aim to use perfect forward secrecy between all nodes by default.<= /p>

This forces the attacker to do a MITM attack that is far mor= e expensive on the large scale.

I don't see why this is seen as so controversial.=C2=A0 = It is relatively cheap to implement on our side,=C2=A0 and has a dramatic i= ncrease of cost for any attackers.

Cam.

On 20/08/2014 5:49 am, "Un Ix" <slashdevnull@hotmail.com> w= rote:
Excuse= the ignorance, but there is something I=E2=80=99m not getting in this disc= ussion.

Given it=E2=80=99s a published protocol, with available= source code running on an open P2P network, why would any messages between= nodes benefit from=C2=A0being encrypted? Surely all the data being process= ed by the network is known to any persistent client node(s)?

Seems like that solution is orthogonal to the root prob= lem, where attackers could=C2=A0monitor the network and deduce IP addresses= by=C2=A0e.g. mapping senders of transactions.
=C2=A0=C2=A0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 19 August 2014 21:19:43 GMT-04:00, William Yager <will.yager@gmail.com> wrote:<= br> >On Tue, Aug 19, 2014 at 8:14 PM, Peter Todd <pete@petertodd.org> wrote:
>> In any case, my suggestion of enabling hidden service support by >default
>> adds both encryption and reasonably good authentication.
>
>
>Enabling hidden service support by default would introduce an insanely<= br> >huge
>attack surface.

Hence my suggestion of separating that surface by using the standalone Tor = binary, which runs under a different user to the Bitcoin Core binary.

>And you're conflating two different things; using Tor is valuable t= o
>Bitcoin because it would provide some anonymity. The encryption aspect<= br> >is
>pretty much useless for us.

First of all, without encryption we're leaking significant amounts of i= nformation to any passive attacker trying to trace the origin of Bitcoin tr= ansactions, a significant privacy risk.

Secondly the upcoming v0.10's fee estimation implementation is quite vu= lnerable to Sybil attacks. Authentication and encryption are needed to make= it secure from ISP-level targeting to ensure that your view of the network= is representative. Tor support used in parallel with native connection is = ideal here, as neither the Tor network nor your ISP alone can Sybil attack = you. It's notable that Bitcoinj has already implemented Tor support for= these same reasons.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQFQBAEBCAA6BQJT8/mSMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhRZjCAC4PSpQ68qgtFMR77xf
zXZLr/iMKX6yyJwXRj+vGi+0Ng/sv9NlYjYnDeflom37WlpGo/sCOFcVWImhnS2d
kUFoUH92iXwRuEt/SN/LrHghkLWOxtVu9wa49eS/piGZFF3JWllk82MgdBZ6vjNw
B6WuInEIurK+h8rUbAi2HjFkxVN0K0SsrFt/P0tHj10ABcMealBRoJh2Jx7fLNdS
uTKddqeLyThEpLGNti3k+lhwQ2dA5RUBq6q3GUS/hWvTHRnU+viGMJSYv62LXRN5
t87BXRY/R9UBpnudf3TIlPtOuIWcv2LhlXVjvbDDQqwJkvB3Qf4ejE3RZ28S5IUr
OBQH
=3DGy7X
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------= ---
Slashdot TV.=C2=A0
Video for Nerds.=C2=A0 Stuff that matters.
http://tv.slashdot.or= g/
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

-----------------------------------------------------------------------= -------
Slashdot TV.
Video for Nerds.=C2=A0 Stuff that matters.
http://tv.slashdot.or= g/
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--001a11c38366ebd3b20501090b01--