From: Jonas Schnelli
To: Bitcoin development mailing list
Date: Wed, 23 Mar 2016 16:24:12 +0100
Message-ID: <56F2B51C.8000105@jonasschnelli.ch>
Subject: [bitcoin-dev] p2p authentication and encryption BIPs

Hi

I have just PRed a draft version of two BIPs I recently wrote.
https://github.com/bitcoin/bips/pull/362

Two BIPs that address the problem of decoupling wallets/clients from nodes while assuming a user (or a group) knows the remote peer.

Authentication would be necessary to selectively allow bloom filtering of transactions, encryption or any other node service that might lead to fingerprinting or resource attacks.

Authentication would also be a pre-requirement for certificate-free encryption handshakes that are (enough?) resistant to MITM attacks.

Encryption is highly recommended if you connect an SPV node to a trusted node.

Authentication would allow accessing private p2p extensions from a remote SPV peer (example: fee estimation).

I'm aware of other methods to increase privacy and integrity (Tor, VPN, stunnel, etc.), however I think authentication and basic communication encryption should be part of the protocol and its setup should be completely hassle-free.

Thanks for your feedback.
/jonas