Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.212.47 as permitted sender)
	client-ip=209.85.212.47; envelope-from=rmckay@gmail.com;
	helo=mail-vw0-f47.google.com; 
MIME-Version: 1.0
Sender: rmckay@gmail.com
In-Reply-To: <20110701163558.GA7311@dax.lan.local>
References: <1309478838.3689.25.camel@Desktop666>
	<20110701080042.GA657@ulyssis.org>
	<BANLkTim-QWvtfL65mo3uW7ESiehKOmHjtw@mail.gmail.com>
	<BANLkTi=DWUhGmoHcQB5EPZHF71JE71gcTg@mail.gmail.com>
	<1309524016.2541.0.camel@Desktop666>
	<BANLkTimobc7471uBMLBecYT3vz0GO6RLzQ@mail.gmail.com>
	<20110701163558.GA7311@dax.lan.local>
Date: Fri, 1 Jul 2011 17:47:19 +0100
Message-ID: <BANLkTimuNvsk_O2c6V03L9T=dgTVXbkpLg@mail.gmail.com>
From: Robert McKay <robert@mckay.com>
To: jan@uos.de
Content-Type: multipart/alternative; boundary=bcaec5485fca5c256904a704c5d4
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] 0.3.24
Precedence: list

--bcaec5485fca5c256904a704c5d4
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Jul 1, 2011 at 5:35 PM, <jan@uos.de> wrote:

> On Fri, Jul 01, 2011 at 11:06:56AM -0400, Gavin Andresen wrote:
> > > Not sure about OS differentiation, seems...wrong?  Maybe disabled by
> > > default on bitcoind but on by default on bitcoin?
> >
> > OK.  I mis-remembered the poll:
> >    http://forum.bitcoin.org/index.php?topic=4392.0
> >
> > On by default                        8 (20%)
> > Off by default                               22 (55%)
> > On by default in the GUI, off by default in bitcoind   10 (25%)
>
> I just voted as well and now - with some extra votes in the meantime -
> it's 9 / 22 / 13. So exactly 50/50 between off (22) and some form of on
> (9 + 13).
>
> I'm in favor of turning it on by default in the GUI and leaving it off
> in bitcoind.
>
> I don't like UPnP much, I find it exemplifies exactly what is wrong with
> computer security today: Convenience trumps security almost every time.
>
> BUT: I don't think this is the moment to fight UPnP. It's the standard
> mechanism in use today to let a computer behind a NAT accept incoming
> connections. The user has already made the decision in regards to
> convenience over security. By enabling UPnP (or by buying a product that
> does this automatically) they are saying: I want it to "just work"
> instead of having fine-grained but more complicated control.
>
> Bitcoin is a P2P application and as such should use this
> mechanism. I think it's pretty clear that participating in a P2P network
> requires one to receive messages from other peers. At least no one seems
> to be concerned that Bitcoin (by default!) listens on port 8333. So I
> think it's only logical to extend that to work behind NATs as well


If bitcoin listened on IPv6 that might help for alot of people. Windows 7
users get a teredo IPv6 address (unless they disable it) when behind NAT on
IPv4. Take any win7 box and put it on a typical NAT /DSL setup this is what
happens. I think this might actually work for more users than have UPNP
support on their DSL gateways. teredo IPs aren't that stable though (they
change frequently) and they might tend to flood the address cache with stale
addresses.

Rob

--bcaec5485fca5c256904a704c5d4
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div class=3D"gmail_quote">On Fri, Jul 1, 2011 at 5:35 PM,  <span dir=3D"lt=
r">&lt;<a href=3D"mailto:jan@uos.de">jan@uos.de</a>&gt;</span> wrote:<br><b=
lockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px =
#ccc solid;padding-left:1ex;">
<div class=3D"im">On Fri, Jul 01, 2011 at 11:06:56AM -0400, Gavin Andresen =
wrote:<br>
&gt; &gt; Not sure about OS differentiation, seems...wrong? =A0Maybe disabl=
ed by<br>
&gt; &gt; default on bitcoind but on by default on bitcoin?<br>
&gt;<br>
&gt; OK. =A0I mis-remembered the poll:<br>
&gt; =A0 =A0<a href=3D"http://forum.bitcoin.org/index.php?topic=3D4392.0" t=
arget=3D"_blank">http://forum.bitcoin.org/index.php?topic=3D4392.0</a><br>
&gt;<br>
&gt; On by default =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A08 (20%)<b=
r>
&gt; Off by default =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 22 (55%)<br>
&gt; On by default in the GUI, off by default in bitcoind =A0 10 (25%)<br>
<br>
</div>I just voted as well and now - with some extra votes in the meantime =
-<br>
it&#39;s 9 / 22 / 13. So exactly 50/50 between off (22) and some form of on=
<br>
(9 + 13).<br>
<br>
I&#39;m in favor of turning it on by default in the GUI and leaving it off<=
br>
in bitcoind.<br>
<br>
I don&#39;t like UPnP much, I find it exemplifies exactly what is wrong wit=
h<br>
computer security today: Convenience trumps security almost every time.<br>
<br>
BUT: I don&#39;t think this is the moment to fight UPnP. It&#39;s the stand=
ard<br>
mechanism in use today to let a computer behind a NAT accept incoming<br>
connections. The user has already made the decision in regards to<br>
convenience over security. By enabling UPnP (or by buying a product that<br=
>
does this automatically) they are saying: I want it to &quot;just work&quot=
;<br>
instead of having fine-grained but more complicated control.<br>
<br>
Bitcoin is a P2P application and as such should use this<br>
mechanism. I think it&#39;s pretty clear that participating in a P2P networ=
k<br>
requires one to receive messages from other peers. At least no one seems<br=
>
to be concerned that Bitcoin (by default!) listens on port 8333. So I<br>
think it&#39;s only logical to extend that to work behind NATs as well</blo=
ckquote><div><br>If bitcoin listened on IPv6 that might help for alot of pe=
ople. Windows 7 users get a teredo IPv6 address (unless they disable it) wh=
en behind NAT on IPv4. Take any win7 box and put it on a typical NAT /DSL s=
etup this is what happens. I think this might actually work for more users =
than have UPNP support on their DSL gateways. teredo IPs aren&#39;t that st=
able though (they change frequently) and they might tend to flood the addre=
ss cache with stale addresses.<br>
<br>Rob<br></div></div>

--bcaec5485fca5c256904a704c5d4--