Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <mh.in.england@gmail.com>) id 1X7Qi2-0007q5-BA for bitcoin-development@lists.sourceforge.net; Wed, 16 Jul 2014 15:01:30 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.182 as permitted sender) client-ip=209.85.214.182; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f182.google.com; Received: from mail-ob0-f182.google.com ([209.85.214.182]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1X7Qhz-0005EJ-5g for bitcoin-development@lists.sourceforge.net; Wed, 16 Jul 2014 15:01:30 +0000 Received: by mail-ob0-f182.google.com with SMTP id wm4so1064586obc.27 for <bitcoin-development@lists.sourceforge.net>; Wed, 16 Jul 2014 08:01:21 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.182.115.134 with SMTP id jo6mr26725775obb.70.1405522881046; Wed, 16 Jul 2014 08:01:21 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.76.35.234 with HTTP; Wed, 16 Jul 2014 08:01:20 -0700 (PDT) In-Reply-To: <CAAS2fgTA9dmMeSmkMCa0AKpn8VMU8HDOCJQB3zfyb-E4Tmo8rQ@mail.gmail.com> References: <CANEZrP1t3Pz3FOgxkxsj+sSgyQhPxfUTdCGXTC7=yxeZkGt-DQ@mail.gmail.com> <CAJHLa0NhZ=RuUMts19EUhY6C1+dy1yaje3Hb5Lfm+AqjRRL5uw@mail.gmail.com> <CANEZrP20E5R3D+Em4hordpSpe-e88iyHwyq=WdffsTCpTm+RVA@mail.gmail.com> <CAJHLa0NcFcRhczf9WWGj+4fYBdYCUBb7Zm__Y5+qhprXL21wUA@mail.gmail.com> <CAAS2fgTA9dmMeSmkMCa0AKpn8VMU8HDOCJQB3zfyb-E4Tmo8rQ@mail.gmail.com> Date: Wed, 16 Jul 2014 17:01:20 +0200 X-Google-Sender-Auth: 5if3ZX7zsAJAeFIkPVNgAhyw00Q Message-ID: <CANEZrP1TRVt1Vs035du50uLwq9V-T37aB916OtTq6bPbdBe+pw@mail.gmail.com> From: Mike Hearn <mike@plan99.net> To: Gregory Maxwell <gmaxwell@gmail.com> Content-Type: multipart/alternative; boundary=089e0102fb060c7e0504fe50cc14 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1X7Qhz-0005EJ-5g Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> Subject: Re: [Bitcoin-development] Draft BIP for geutxos message X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Wed, 16 Jul 2014 15:01:30 -0000 --089e0102fb060c7e0504fe50cc14 Content-Type: text/plain; charset=UTF-8 > > In particular, can this document > specifically call out that a local network attacker can MITM all the > peers. It already does, last sentence of the authentication section is: Querying multiple nodes and combining their answers can be a partial solution to this, although as nothing authenticates the Bitcoin P2P network a man in the middle could still yield incorrect results > (If Mike would prefer, I can send a diff with proposed changes) > Yes please. --089e0102fb060c7e0504fe50cc14 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blo= ckquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left= -width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;paddi= ng-left:1ex"> In particular, can this document<br> specifically call out that a local network attacker can MITM all the<br> peers.</blockquote><div><br></div><div>It already does, last sentence of th= e authentication section is:</div><div><br></div><div><span style=3D"color:= rgb(51,51,51);font-family:Helvetica,arial,freesans,clean,sans-serif,'Se= goe UI Emoji','Segoe UI Symbol';font-size:16px;line-height:27.2= 00000762939453px">Querying multiple nodes and combining their answers can b= e a partial solution to this, although as nothing authenticates the Bitcoin= P2P network a man in the middle could still yield incorrect results</span>= </div> <div>=C2=A0</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style= =3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(20= 4,204,204);border-left-style:solid;padding-left:1ex">(If Mike would prefer,= I can send a diff with proposed changes)<br> </blockquote><div><br></div><div>Yes please.=C2=A0</div></div><br></div></d= iv> --089e0102fb060c7e0504fe50cc14--