MIME-Version: 1.0
References: <CAD5xwhgDWpaavk3R5gjUwMU37bRTmKC+o5hHoWVeaiW8WFQNjA@mail.gmail.com>
 <5B76307E-9810-49F1-8289-E0F0E84ACD72@voskuil.org>
In-Reply-To: <5B76307E-9810-49F1-8289-E0F0E84ACD72@voskuil.org>
From: Jeremy <jlrubin@mit.edu>
Date: Mon, 24 Aug 2020 13:21:52 -0700
Message-ID: <CAD5xwhiSf3isoMsVJiv5KQ3n5ymcS+StigkX_eDe5hmAGra-0Q@mail.gmail.com>
To: Eric Voskuil <eric@voskuil.org>
Content-Type: multipart/alternative; boundary="000000000000fa800c05ada55656"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Generalizing feature negotiation when new p2p
 connections are setup
Precedence: list

--000000000000fa800c05ada55656
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 24, 2020 at 1:17 PM Eric Voskuil <eric@voskuil.org> wrote:

> I said security, not privacy. You are in fact exposing the feature to any
> node that wants to negotiate for it. if you don=E2=80=99t want to expose =
the buggy
> feature, then disable it. Otherwise you cannot prevent peers from accessi=
ng
> it. Presumably peers prefer the new feature if they support it, so there =
is
> no need for this complexity.
>
>
>
I interpreted* " This seems to imply a security benefit (I can=E2=80=99t di=
scern
any other rationale for this complexity). It should be clear that this is
no more than trivially weak obfuscation and not worth complicating the
protocol to achieve.", *to be about obfuscation and therefore privacy.

The functionality that I'm mentioning might not be buggy, it might just not
support peers who don't support another feature. You can always disconnect
a peer who sends a message that you didn't handshake on (or maybe we should
elbow bump given the times).

--000000000000fa800c05ada55656
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"g=
mail_attr">On Mon, Aug 24, 2020 at 1:17 PM Eric Voskuil &lt;<a href=3D"mail=
to:eric@voskuil.org">eric@voskuil.org</a>&gt; wrote:<br></div><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px soli=
d rgb(204,204,204);padding-left:1ex"><div dir=3D"auto"><div dir=3D"ltr">I s=
aid security, not privacy. You are in fact exposing the feature to any node=
 that wants to negotiate for it. if you don=E2=80=99t want to expose the bu=
ggy feature, then disable it. Otherwise you cannot prevent peers from acces=
sing it. Presumably peers prefer the new feature if they support it, so the=
re is no need for this complexity.</div><div dir=3D"ltr"><br></div><br></di=
v></blockquote><div><br></div><div style=3D"font-family:arial,helvetica,san=
s-serif;font-size:small;color:rgb(0,0,0)" class=3D"gmail_default">I interpr=
eted<b> &quot;<span class=3D"gmail-im">
This seems to imply a security benefit (I can=E2=80=99t discern any other=
=20
rationale for this complexity). It should be clear that this is no more=20
than trivially weak obfuscation and not worth complicating the protocol=20
to achieve.</span>&quot;, </b>to be about obfuscation and therefore privacy=
.</div><div style=3D"font-family:arial,helvetica,sans-serif;font-size:small=
;color:rgb(0,0,0)" class=3D"gmail_default"><br></div><div style=3D"font-fam=
ily:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)" class=3D"g=
mail_default">The functionality that I&#39;m mentioning might not be buggy,=
 it might just not support peers who don&#39;t support another feature. You=
 can always disconnect a peer who sends a message that you didn&#39;t hands=
hake on (or maybe we should elbow bump given the times).<br></div><div styl=
e=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0=
)" class=3D"gmail_default"><b></b></div></div></div>

--000000000000fa800c05ada55656--