1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gmaxwell@gmail.com>) id 1XJtEg-0007v1-Fm
for bitcoin-development@lists.sourceforge.net;
Tue, 19 Aug 2014 23:54:42 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.220.175 as permitted sender)
client-ip=209.85.220.175; envelope-from=gmaxwell@gmail.com;
helo=mail-vc0-f175.google.com;
Received: from mail-vc0-f175.google.com ([209.85.220.175])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1XJtEe-0003oG-Qd
for bitcoin-development@lists.sourceforge.net;
Tue, 19 Aug 2014 23:54:42 +0000
Received: by mail-vc0-f175.google.com with SMTP id ik5so8228716vcb.20
for <bitcoin-development@lists.sourceforge.net>;
Tue, 19 Aug 2014 16:54:35 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.220.116.196 with SMTP id n4mr33249741vcq.6.1408492475168;
Tue, 19 Aug 2014 16:54:35 -0700 (PDT)
Received: by 10.52.187.132 with HTTP; Tue, 19 Aug 2014 16:54:35 -0700 (PDT)
In-Reply-To: <53F3E01D.9090403@riseup.net>
References: <CA+8=xuJ+YDTNjyDW7DvP8KPN_nrFWpE68HvLw6EokFa-B-QGKw@mail.gmail.com>
<CA+8=xuKRyO1=bu7cgNGHvtAeqgKBxjTH2uUkb61GdCuEQWEu5A@mail.gmail.com>
<0C0EF7F9-DBBA-4872-897D-63CFA3853726@ricmoo.com>
<CA+8=xu+KWSF6XYgH-_t87na6M6UOD0CM1su8sizxn5a4b0_Xrw@mail.gmail.com>
<33D4B2E3-DBF0-444E-B76A-765C4C17E964@ricmoo.com>
<53F37635.5070807@riseup.net>
<CAAS2fgTF6424+FfzaL=+iaio2zu_uM_74yKohi7T3dtz=J9CjA@mail.gmail.com>
<53F38AC9.4000608@corganlabs.com> <53F3DFF7.9070709@jrn.me.uk>
<53F3E01D.9090403@riseup.net>
Date: Tue, 19 Aug 2014 16:54:35 -0700
Message-ID: <CAAS2fgRPJhnD4TEOP8EnZoo2Vbdb7dGBfB10twGrxW_g71UnpA@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Justus Ranvier <justusranvier@riseup.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gmaxwell[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1XJtEe-0003oG-Qd
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal: Encrypt bitcoin messages
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 19 Aug 2014 23:54:42 -0000
On Tue, Aug 19, 2014 at 4:39 PM, Justus Ranvier
<justusranvier@riseup.net> wrote:
> While the rest of the 'net is busy deprecating HTTP and all other
> unencrypted transport methods, why is it(*) even a debate?
I think it's desirable (and you can go look in #bitcoin-dev logs for
me talking about it in the past)=E2=80=94 but all of engineering is
tradeoffs... and the ones involved here don't make it a high priority
in my book, esp when people should be using Bitcoin over tor in any
case, which provides better privacy and also covers encrypt + auth.
In general I think authentication is more important than encryption,
since authentication is table stakes required for a number of
anti-partitioning-attack measures. My past thinking on opportunistic
encryption is that once you're authenticating also encrypting would be
fairly little work, but it should be auth that drives that kind of
effort.
|
