path: root/7c/c015a5b7dee9a8606042d0e9ed6200c26fb7bb

Return-Path: <dev@jonasschnelli.ch>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id E7EB726C
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 30 Jun 2016 12:43:13 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from server3 (server3.include7.ch [144.76.194.38])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id 476B0179
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 30 Jun 2016 12:43:13 +0000 (UTC)
Received: by server3 (Postfix, from userid 115)
	id 6A5B52E605D9; Thu, 30 Jun 2016 14:43:12 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, FSL_HELO_NON_FQDN_1
	autolearn=ham version=3.3.1
Received: from Jonass-MacBook-Pro-2.local (cable-static-140-182.teleport.ch
	[87.102.140.182]) by server3 (Postfix) with ESMTPSA id A68662D000CB;
	Thu, 30 Jun 2016 14:43:10 +0200 (CEST)
To: Eric Voskuil <eric@voskuil.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
	<1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
	<577234A4.3030808@jonasschnelli.ch>
	<360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
	<20160629111728.GO13338@dosf1.alfie.wtf>
	<2981A919-4550-4807-8ED9-F8C51B2DC061@voskuil.org>
	<57750EAB.3020105@jonasschnelli.ch>
	<426C2AA3-BFB8-4C41-B4DF-4D6CC11988B2@voskuil.org>
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-ID: <577513DB.60101@jonasschnelli.ch>
Date: Thu, 30 Jun 2016 14:43:07 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
	Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <426C2AA3-BFB8-4C41-B4DF-4D6CC11988B2@voskuil.org>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="L7mssnahhQISi4kMGnoBpF8D4QJTjtEsk"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 12:43:14 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--L7mssnahhQISi4kMGnoBpF8D4QJTjtEsk
Content-Type: multipart/mixed; boundary="ms8FWqXX1Av7DnGV1R2QjLHKEikLWdiqP"
From: Jonas Schnelli <dev@jonasschnelli.ch>
To: Eric Voskuil <eric@voskuil.org>
Cc: Alfie John <alfie@alfie.wtf>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <577513DB.60101@jonasschnelli.ch>
Subject: Re: [bitcoin-dev] BIP 151
References: <87h9cecad5.fsf@rustcorp.com.au>
 <1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
 <577234A4.3030808@jonasschnelli.ch>
 <360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
 <20160629111728.GO13338@dosf1.alfie.wtf>
 <2981A919-4550-4807-8ED9-F8C51B2DC061@voskuil.org>
 <57750EAB.3020105@jonasschnelli.ch>
 <426C2AA3-BFB8-4C41-B4DF-4D6CC11988B2@voskuil.org>
In-Reply-To: <426C2AA3-BFB8-4C41-B4DF-4D6CC11988B2@voskuil.org>

--ms8FWqXX1Av7DnGV1R2QjLHKEikLWdiqP
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable



>>> The core problem posed by BIP151 is a MITM attack. The implied soluti=
on (BIP151 + authentication) requires that a peer trusts that another is =
not an attacker.
>>
>> BIP151 would increase the risks for MITM attackers.
>> What are the benefits for Mallory of he can't be sure Alice and Bob ma=
y
>> know that he is intercepting the channel?
>=20
> It is not clear to me why you believe an attack on privacy by an anonym=
ous peer is detectable.

If Mallory has substituted the ephemeral keys in both directions, at the
point where Alice and Bob will do an authentication, they can be sure
Mallory is listening.

Simple dummy example:
1.) Encryption setup with ECDH with ephemeral keys after BIP151
2.) Mallory is MITMling the connection. He is substituting both
direction with its own keys
3.) Connection is successfully MITMled
4.) Alice tells Bob "prove me that you are Bob, please sign the
session-ID with your identity key"
5.) Bob signs the sessionID (ECDH secret) with his identity key which
will be unusable for Mallory who has a substituted sessionID in both
directions.
6.) Alice has successfully detected the Mallory

Disclaimer: 4) and 5) are _not_ authentication proposals :-)

</jonas>


--ms8FWqXX1Av7DnGV1R2QjLHKEikLWdiqP--

--L7mssnahhQISi4kMGnoBpF8D4QJTjtEsk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXdRPbAAoJECnUvLZBb1PsOiUQAK8reN7FX6RXyksiKv1tWPVV
8GggyT3/ZAphCnpXp7BszY3/tr8XS8Lj/zWvbRpF8p9RY5yUARYZvroYrDtzUtov
4qj0FJONYyrmSjTWaQBLvn+r51MYbguubOsvvRXxTHm7mymrz37i3kzMfnnXVSb3
xMppfNUL2jy5etv7n09Mqr5VNXdM5vqQvKuG+qW04ptT76Oo0NJ1RA8Ea45qPEA8
gl9bQ96iV2vPGj1Af7iXFng7OUCgFO52TgYVDzDwEu7getD6U3t3NCRquaZSsr/4
XRTS6lozdMYkfocgM98S3GTnI3h6MkX66MkWoqryNrZpE72U90+Y0JY/BmQEvTLs
oxRcHgzVkl9O/bN8SINWUjnpxGMVBBZNyMa9FkFKeBePuNtVMCp1w/RJ5k6v3u2r
7/Rp9tpnvsKSuaF/HfLPkF+VkRsURy8hzqkcAHD4lQFx3/adlZ0sLlIhybSJe3nG
PvOxANPFk+G6RaGJcTfR+pW2YeqqQNTDC1DHSqu9j3XOXzVBk4dCIjplXnFT4lkT
CGzLI3hwF4rBfEEARTe8ddchAM2Y0wPU+2IZbJ3DANRhBXFmSz+rx0qEDhRuWYl+
AKHWTjTzVW33MGlwkrZjiwvN0ySwmy9nL7EAqegZgTscY8RtJm9rPgk/O6po1lWd
SjPO7pyp3qcJruL5M+ht
=FCJG
-----END PGP SIGNATURE-----

--L7mssnahhQISi4kMGnoBpF8D4QJTjtEsk--