1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id E72FAA3F
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 22:07:49 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f46.google.com (mail-wm0-f46.google.com [74.125.82.46])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 189B120E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 22:07:48 +0000 (UTC)
Received: by mail-wm0-f46.google.com with SMTP id f126so157400634wma.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 15:07:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=voskuil-org.20150623.gappssmtp.com; s=20150623;
h=mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=EABzp2xrsDvGiZyekF03bDgIwlko3L+vYjTnpTWCKW8=;
b=RfC103e3sKJmnkJB0Q2WoroLqoE0aSdCA4aJgHS8n87X6EGtcbtM6Cs6SVt4ZjzfNR
fW0K7nMvVKwEUnVKD0z9ng4GzTxOS33O2t/8j/gLEvM2f3kOHT4AgSnJmFbQjba+2UOi
CUMPJmyCgDO5ZbvwKpQIbcxodDzpoXzluwOPPeMOGrxSq4n43XKyhWV+/Fvd/GGbGczK
KJB8cleDStZnA2jA+9Y7B27T9orSFYRSgU3uXVKXuy9n27TpBTALjxPnEENDaV+Y88y0
GjSFsWTsWvWSqtmw8/2VD2j3Glt2T51uTzlOeRy6lpQoEoGymhKrtfroO2+c7qjgjbG8
gTYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=EABzp2xrsDvGiZyekF03bDgIwlko3L+vYjTnpTWCKW8=;
b=Ye7q6SfcqzXvBiI0+UxAsoSaXd9hM7mYXMLGEhj1QP5yP4CMK6fmagzvr46ZkzAXk5
EAfvT27XhRxz1oBxxDEZE7HrmdlGVdBJfQwieljruNQFYsZcb2zswGv1KZGgxEqhqFah
ldcrEuP0EjARWwXQK+DtfMJaUCkD+tVr4QoVFDsmvfo610hf8EUKobwkp4kG1zF8eVqU
vh/3z34P1n5AD8y2t7WP7h+bF9/1bKgYgDCyc5yWDXYohtiDLq6CcRCzp8Hg8DFjCTyf
1/qRZmcR7mVqL82NaQK9QOoQurRkMbX/jBKUKVMbyz2qIzsNWtl3ON7rY2JbkQsPzktX
0NKA==
X-Gm-Message-State: ALyK8tISuHuyKuJe+pu2w30/kN1xttLsXkz6oqcyhPsU2h1fMHzaTm/LYvqXt37OCKCJ2g==
X-Received: by 10.194.70.41 with SMTP id j9mr5062349wju.30.1467151667482;
Tue, 28 Jun 2016 15:07:47 -0700 (PDT)
Received: from [10.114.7.71] ([41.33.219.246])
by smtp.gmail.com with ESMTPSA id h8sm438008wjg.9.2016.06.28.15.07.46
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 28 Jun 2016 15:07:46 -0700 (PDT)
Content-Type: multipart/alternative;
boundary=Apple-Mail-31DA2FB7-1948-48E8-9965-B14526C14D81
Mime-Version: 1.0 (1.0)
From: Eric Voskuil <eric@voskuil.org>
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <B1AF0E38-522E-4EC7-8595-92972D658430@gmail.com>
Date: Wed, 29 Jun 2016 00:07:45 +0200
Content-Transfer-Encoding: 7bit
Message-Id: <A74C9C1E-07CE-4769-85BA-AA97F55167EC@voskuil.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
<1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
<577234A4.3030808@jonasschnelli.ch>
<360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
<20160628182202.GA5519@fedora-21-dvm>
<D40F9E9D-DB6C-4083-A9E8-C5EBC363DB30@voskuil.org>
<20160628201447.GA1148@fedora-21-dvm>
<4DCF7DD2-6533-4F79-8CA1-871B67C01BDA@voskuil.org>
<20160628203605.GA1328@fedora-21-dvm>
<E8335291-7142-4E21-A1E2-76F387426741@voskuil.org>
<CAAS2fgRGbnH-NtPRdLe0yhFSoqJ7b6O25LfyGv_ULHhy8bBSpg@mail.gmail.com>
<B1AF0E38-522E-4EC7-8595-92972D658430@gmail.com>
To: Cameron Garnham <da2ce7@gmail.com>
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, HTML_MESSAGE, MIME_QP_LONG_LINE,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2016 22:07:50 -0000
--Apple-Mail-31DA2FB7-1948-48E8-9965-B14526C14D81
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Hi Cameron, good to hear from you!
> On Jun 28, 2016, at 11:40 PM, Cameron Garnham <da2ce7@gmail.com> wrote:
>=20
> Unauthenticated link level encryption is wonderful! MITM attacks are overr=
ated; as they require an active attacker.
This is not really the case with Bitcoin. A MITM attack does not require tha=
t the attacker find a way to inject traffic into the communication between n=
odes. Peers will connect to the attacker directly, or accept connections dir=
ectly from it. Such attacks can be easier than even passive attacks.
> Stopping passive attacks is the low hanging fruit. This should be taken fi=
rst.
>=20
> Automated and secure peer authentication in a mesh network is a huge topic=
. One of the unsolved problems in computer science.
>=20
> A simple 'who is that' by asking for the fingerprint of your peers from yo=
ur other peers is a very simple way to get 'some' authentication. Semi-trus=
ted index nodes also is a low hanging fruit for authentication.
It is the implication of widespread authentication that is at issue. Clearly=
there are ways to implement it using a secure side channels.
> However, let's first get unauthenticated encryption. Force the attackers t=
o use active attacks. (That are thousands times more costly to couduct).
>=20
> Sent from my iPhone
>=20
>> On 29 Jun 2016, at 00:36, Gregory Maxwell via bitcoin-dev <bitcoin-dev@li=
sts.linuxfoundation.org> wrote:
>>=20
>> On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev
>> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>> An "out of band key check" is not part of BIP151.
>>=20
>> It has a session ID for this purpose.
>>=20
>>> It requires a secure channel and is authentication. So BIP151 doesn't pr=
ovide the tools to detect an attack, that requires authentication. A general=
requirement for authentication is the issue I have raised.
>>=20
>> One might wonder how you ever use a Bitcoin address, or even why we
>> might guess these emails from "you" aren't actually coming from the
>> NSA.
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--Apple-Mail-31DA2FB7-1948-48E8-9965-B14526C14D81
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div><span></span></div><div><meta http-equ=
iv=3D"content-type" content=3D"text/html; charset=3Dutf-8"><div></div><div><=
span style=3D"background-color: rgba(255, 255, 255, 0);">Hi Cameron, good to=
hear from you!</span></div><div><br>On Jun 28, 2016, at 11:40 PM, Cameron G=
arnham <<a href=3D"mailto:da2ce7@gmail.com">da2ce7@gmail.com</a>> wrot=
e:<br><br></div><blockquote type=3D"cite"><div><meta http-equiv=3D"content-t=
ype" content=3D"text/html; charset=3Dutf-8"><div><span style=3D"background-c=
olor: rgba(255, 255, 255, 0);">Unauthenticated link level encryption is wond=
erful! MITM attacks are overrated; as they require an active attacker.</span=
></div></div></blockquote><div><br></div><div>This is not really the case wi=
th Bitcoin. A MITM attack does not require that the attacker find a way to i=
nject traffic into the communication between nodes. Peers will connect to th=
e attacker directly, or accept connections directly from it. Such attacks ca=
n be easier than even passive attacks.</div><br><blockquote type=3D"cite"><d=
iv><div><div><span style=3D"background-color: rgba(255, 255, 255, 0);">Stopp=
ing passive attacks is the low hanging fruit. This should be taken first.</s=
pan></div><div><span style=3D"background-color: rgba(255, 255, 255, 0);"><br=
></span></div><div><span style=3D"background-color: rgba(255, 255, 255, 0);"=
>Automated and secure peer authentication in a mesh network is a huge topic.=
One of the unsolved problems in computer science.</span></div><div><span st=
yle=3D"background-color: rgba(255, 255, 255, 0);"><br></span><div><div><span=
style=3D"background-color: rgba(255, 255, 255, 0);">A simple 'who is that' b=
y asking for the fingerprint of your peers from your other peers is a v=
ery simple way to get 'some' authentication. Semi-trusted index nodes a=
lso is a low hanging fruit for authentication.</span></div></div></div></div=
></div></blockquote><div><br></div><div>It is the implication of widespread a=
uthentication that is at issue. Clearly there are ways to implement it using=
a secure side channels.</div><br><blockquote type=3D"cite"><div><div><div><=
div><span style=3D"background-color: rgba(255, 255, 255, 0);">However, let's=
first get u<font>nauthenticated encryption. Force the attackers to use acti=
ve attacks. (That are thousands times more costly to couduct).</font></span>=
</div></div><br>Sent from my iPhone</div><div><br>On 29 Jun 2016, at 00:36, G=
regory Maxwell via bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linux=
foundation.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br><br>=
</div><blockquote type=3D"cite"><div><span>On Tue, Jun 28, 2016 at 9:22 PM, E=
ric Voskuil via bitcoin-dev</span><br><span><<a href=3D"mailto:bitcoin-de=
v@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>> w=
rote:</span><br><blockquote type=3D"cite"><span>An "out of band key check" i=
s not part of BIP151.</span><br></blockquote><span></span><br><span>It has a=
session ID for this purpose.</span><br><span></span><br><blockquote type=3D=
"cite"><span>It requires a secure channel and is authentication. So BIP151 d=
oesn't provide the tools to detect an attack, that requires authentication. A=
general requirement for authentication is the issue I have raised.</span><b=
r></blockquote><span></span><br><span>One might wonder how you ever use a Bi=
tcoin address, or even why we</span><br><span>might guess these emails from "=
you" aren't actually coming from the</span><br><span>NSA.</span><br><span>__=
_____________________________________________</span><br><span>bitcoin-dev ma=
iling list</span><br><span><a href=3D"mailto:bitcoin-dev@lists.linuxfoundati=
on.org">bitcoin-dev@lists.linuxfoundation.org</a></span><br><span><a href=3D=
"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev">https://lis=
ts.linuxfoundation.org/mailman/listinfo/bitcoin-dev</a></span><br></div></bl=
ockquote></div></blockquote></div></body></html>=
--Apple-Mail-31DA2FB7-1948-48E8-9965-B14526C14D81--
|
