Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XG5kq-0007Tm-Gr for bitcoin-development@lists.sourceforge.net; Sat, 09 Aug 2014 12:28:12 +0000 X-ACL-Warn: Received: from p3plsmtpa11-04.prod.phx3.secureserver.net ([68.178.252.105]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1XG5kp-00033P-GP for bitcoin-development@lists.sourceforge.net; Sat, 09 Aug 2014 12:28:12 +0000 Received: from [192.168.0.23] ([201.231.95.129]) by p3plsmtpa11-04.prod.phx3.secureserver.net with id ccFV1o00B2nUpUh01cFWzW; Sat, 09 Aug 2014 05:15:31 -0700 Message-ID: <53E610DE.4070903@certimix.com> Date: Sat, 09 Aug 2014 09:15:26 -0300 From: Sergio Lerner User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20121026 Thunderbird/16.0.2 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net References: <201408072345.45363.luke@dashjr.org> <201408080101.16453.luke@dashjr.org> In-Reply-To: X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [68.178.252.105 listed in list.dnswl.org] X-Headers-End: 1XG5kp-00033P-GP Subject: Re: [Bitcoin-development] Miners MiTM X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Aug 2014 12:28:12 -0000 Since the information exchanged between the pool and the miner is public, all that's needed is a mutual private MAC key that authenticates messages. This requires a registration step, that can be done only once using a simple web interface over https to the miner website. But the miner website is not the miner server, so the worst DoS would be preventing new miners to join the pool, which is not very often. The MAC key can be provided directly by the miner. And the pool associates the MAC key with a Bitcoin public address. The overhead would be minimal. -Sergio.