From: Eric Voskuil
Date: Wed, 29 Jun 2016 00:07:45 +0200
To: Cameron Garnham
Cc: Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] BIP 151

Hi Cameron, good to hear from you!

> On Jun 28, 2016, at 11:40 PM, Cameron Garnham wrote:
>
> Unauthenticated link level encryption is wonderful! MITM attacks are overrated; as they require an active attacker.

This is not really the case with Bitcoin. A MITM attack does not require that the attacker find a way to inject traffic into the communication between nodes. Peers will connect to the attacker directly, or accept connections directly from it. Such attacks can be easier than even passive attacks.

> Stopping passive attacks is the low hanging fruit. This should be taken first.
>
> Automated and secure peer authentication in a mesh network is a huge topic. One of the unsolved problems in computer science.
>
> A simple 'who is that' by asking for the fingerprint of your peers from your other peers is a very simple way to get 'some' authentication. Semi-trusted index nodes are also low hanging fruit for authentication.

It is the implication of widespread authentication that is at issue. Clearly there are ways to implement it using secure side channels.

> However, let's first get unauthenticated encryption. Force the attackers to use active attacks. (That are thousands of times more costly to conduct).
>
> Sent from my iPhone
>
>> On 29 Jun 2016, at 00:36, Gregory Maxwell via bitcoin-dev wrote:
>>
>> On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev
>> wrote:
>>> An "out of band key check" is not part of BIP151.
>>
>> It has a session ID for this purpose.
>>
>>> It requires a secure channel and is authentication. So BIP151 doesn't provide the tools to detect an attack, that requires authentication. A general requirement for authentication is the issue I have raised.
>>
>> One might wonder how you ever use a Bitcoin address, or even why we
>> might guess these emails from "you" aren't actually coming from the
>> NSA.
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
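Added example, not part of the original thread and not BIP 151's own construction: a sketch of the point debated above, that an unauthenticated key exchange gives each peer a session ID, and that a peer which connected to an intermediary can only notice it by comparing session IDs over a separate secure channel. The toy Diffie-Hellman group, the `session_id` derivation and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman parameters (assumption for illustration;
# BIP 151 specifies its own key agreement, which is not reproduced here).
P = 2**255 - 19  # a well-known prime
G = 2


def keypair():
    """Return (private, public) for one endpoint of one connection."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_id(priv, peer_pub):
    """Hash of the shared secret; both ends of ONE link derive the same value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(b"session-id" + shared.to_bytes(32, "big")).hexdigest()


def handshake(a, b):
    """Unauthenticated exchange: each side learns only the other's public value."""
    (a_priv, a_pub), (b_priv, b_pub) = a, b
    return session_id(a_priv, b_pub), session_id(b_priv, a_pub)


def out_of_band_check(id_seen_by_a, id_seen_by_b):
    """Comparison carried over a separate channel the intermediary cannot alter."""
    return secrets.compare_digest(id_seen_by_a, id_seen_by_b)


def direct_link():
    """Two peers connected to each other: one link, one session ID."""
    return handshake(keypair(), keypair())


def relayed_link():
    """Each peer connected to an intermediary, which terminates both handshakes.

    Neither peer sees an error: each completes a normal encrypted session.
    Only the two session IDs, compared out of band, reveal the two links.
    """
    alice, bob = keypair(), keypair()
    relay_to_alice, relay_to_bob = keypair(), keypair()
    alice_id, _ = handshake(alice, relay_to_alice)
    _, bob_id = handshake(relay_to_bob, bob)
    return alice_id, bob_id


if __name__ == "__main__":
    print("direct :", out_of_band_check(*direct_link()))
    print("relayed:", out_of_band_check(*relayed_link()))
```

The check is only as strong as the channel used for the comparison, which is the authentication requirement raised in the thread.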