1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 0662D899
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 21:22:28 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f45.google.com (mail-wm0-f45.google.com [74.125.82.45])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BC7D7107
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 21:22:26 +0000 (UTC)
Received: by mail-wm0-f45.google.com with SMTP id f126so156304206wma.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 14:22:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=voskuil-org.20150623.gappssmtp.com; s=20150623;
h=mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=3nje175/esj34Hp6Ie5N9q6VbN4M5qUaplC5D2k8hMY=;
b=iVvMy+TNc+1uHxeavOFSaZWP/9doGqLgf+mh1RJM+mBQAXTpIRj7t9LzLcKyez/7r+
6ukClzxMUKgXMSOSlyHjIU4LcG2kE+utI537fs7QxSUklmxcbpYbxsmRTizfMEGyH7t6
jgvi8RorKcdRLo9VCqGZkbiDYCQgfkOJKTyciiW21GO9lSi5Pu8iokrZISWb/ecrEnIV
u4gw7yMzviCn0mu4tReJo0RGWGcF/JzYfk9Nu6gNZJ367JEKR00XMX4wAQUjCRODnYye
G+28ubfIsBd7trVeznNKCEkWmjZBBxFq9I73DQ2N52smJ4gS+UkbfM63dm9t5VaGZieY
NZVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=3nje175/esj34Hp6Ie5N9q6VbN4M5qUaplC5D2k8hMY=;
b=T29hEbc9Bg8J0OpGmRgOazkyLA5MVjsJ7bjZWzn3yVehfH97HWJau11ww2Zk1S0Uk3
PwwCxhAfyYh5FD7WrwzyrQIF/hIeofkf6TxRCthhzitvV8DICeinnzYGARAx/vdw8oEt
K1I4iXQoAKD+PpCj7gzCBn3nxAXsa05KbmJdWkrELKMfMwlmqhCFza30AZbYrTT1DdyS
+AMwbfqIaYX9dguWNmOEZn9IpfkwNrhZjGHtVt+wRGJoduFKkr4SHZhuhH+QzQvwTwQC
dmS7Kx6Tw0w/Z8YDmFTN8zoeHl8rpvsHhc4ROTBT5tFl5w1M6OQhzwhqp9yxfjlP6beF
m20A==
X-Gm-Message-State: ALyK8tJzKn8ZD1lwUX3a6IN1zIk6UtIe4YIFQ1AFdpVGiENS80Mhz9Wzj2tQ9L3cEpC8sg==
X-Received: by 10.28.158.132 with SMTP id h126mr17338642wme.43.1467148945350;
Tue, 28 Jun 2016 14:22:25 -0700 (PDT)
Received: from [10.114.7.71] ([41.33.219.246])
by smtp.gmail.com with ESMTPSA id bb4sm260147wjb.32.2016.06.28.14.22.24
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 28 Jun 2016 14:22:24 -0700 (PDT)
Content-Type: text/plain;
charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Eric Voskuil <eric@voskuil.org>
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <20160628203605.GA1328@fedora-21-dvm>
Date: Tue, 28 Jun 2016 23:22:23 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <E8335291-7142-4E21-A1E2-76F387426741@voskuil.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
<1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
<577234A4.3030808@jonasschnelli.ch>
<360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
<20160628182202.GA5519@fedora-21-dvm>
<D40F9E9D-DB6C-4083-A9E8-C5EBC363DB30@voskuil.org>
<20160628201447.GA1148@fedora-21-dvm>
<4DCF7DD2-6533-4F79-8CA1-871B67C01BDA@voskuil.org>
<20160628203605.GA1328@fedora-21-dvm>
To: Peter Todd <pete@petertodd.org>
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, MIME_QP_LONG_LINE,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2016 21:22:28 -0000
> On Jun 28, 2016, at 10:36 PM, Peter Todd <pete@petertodd.org> wrote:
>=20
>> On Tue, Jun 28, 2016 at 10:29:54PM +0200, Eric Voskuil wrote:
>>=20
>>=20
>>>> On Jun 28, 2016, at 10:14 PM, Peter Todd <pete@petertodd.org> wrote:
>>>>=20
>>>> On Tue, Jun 28, 2016 at 08:35:26PM +0200, Eric Voskuil wrote:
>>>> Hi Peter,
>>>>=20
>>>> What in this BIP makes a MITM attack easier (or easy) to detect, or inc=
reases the probability of one being detected?
>>>=20
>>> BIP151 gives users the tools to detect a MITM attack.
>>>=20
>>> It's kinda like PGP in that way: lots of PGP users don't properly check k=
eys,
>>=20
>> PGP requires a secure side channel for transmission of public keys. How d=
oes one "check" a key of an anonymous peer? I know you well enough to know y=
ou wouldn't trust a PGP key received over an insecure channel.
>>=20
>> All you can prove is that you are talking to a peer and that communicatio=
ns in the session remain with that peer. The peer can be the attacker. As Jo=
nas has acknowledged, authentication is required to actually guard against M=
ITM attacks.
>=20
> Easy: anonymous peers aren't always actually anonymous.
>=20
> A MITM attacker can't easily distinguish communications between two nodes t=
hat
> randomly picked their peers, and nodes that are connected because their op=
erators manually used -addnode to peer; in the latter case the operators can=
> check whether or not they're being attacked with an out-of-band key check.=
An "out of band key check" is not part of BIP151. It requires a secure chann=
el and is authentication. So BIP151 doesn't provide the tools to detect an a=
ttack, that requires authentication. A general requirement for authenticatio=
n is the issue I have raised.
e=
|