1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <marek@palatinus.cz>) id 1XFZpv-0006Mh-0f
for bitcoin-development@lists.sourceforge.net;
Fri, 08 Aug 2014 02:23:19 +0000
X-ACL-Warn:
Received: from mail-vc0-f178.google.com ([209.85.220.178])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1XFZpt-0005mN-TR
for bitcoin-development@lists.sourceforge.net;
Fri, 08 Aug 2014 02:23:18 +0000
Received: by mail-vc0-f178.google.com with SMTP id la4so7569082vcb.9
for <bitcoin-development@lists.sourceforge.net>;
Thu, 07 Aug 2014 19:23:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc:content-type;
bh=2m3QRwZeBm+CPZXmZraFwUyhJM6AssaQnS13K1Hm0gA=;
b=C8MvEEDURWx71Xf5xXhj6JK1F5saXMswGX9MjbaA1x4OueA6hS1GpTRZTMlfStV62Z
VVfYRsG0XcmTsNfed3J5DWrRXQZy306elKJZrK8oP1dUSa2GU92ppRGJ4Tb8aPJYABPd
lIt8m5Ew+Y3PQ1ZxEdawSsS29WE5T3UUAbp8sS1+R1oqJCTvGn5J/3gpy07xJifsanc8
/WSJhBsXazT4TXUhunpKA5kQFtgZGHbiY99N6zRRmU8uqVIKVNS1eeVm6pmYaTn1IxMf
aDdJrhpnDSPh19+CAAeK0uKm4/jFe7QCcPCJJkSjrPJ9ADXZomTx2wRymDTNJTGpdgwg
9frA==
X-Gm-Message-State: ALoCoQmQK65dt2JDIbSQGaG3wLVLe5HWCskbJPZAFTm6U0+gxL1oCewy/9aAMDODH4TRmsSIBWmE
X-Received: by 10.52.83.227 with SMTP id t3mr4887128vdy.20.1407464592242; Thu,
07 Aug 2014 19:23:12 -0700 (PDT)
MIME-Version: 1.0
Sender: marek@palatinus.cz
Received: by 10.58.173.226 with HTTP; Thu, 7 Aug 2014 19:22:42 -0700 (PDT)
In-Reply-To: <CAPS+U99pnqrGiYb-1MMf_GjR2eCiwaX3MvDHX3kGjepEf0=4nQ@mail.gmail.com>
References: <CAPS+U9-ze_-gcYh1WNVJ5h8AZ8owoQX=8OUgNcKnaxgvjxZATA@mail.gmail.com>
<201408072345.45363.luke@dashjr.org>
<CAJna-HjzMO68KSXYG++X-8vzQCLurkrAAhfrVo9-AbaoYdqZhw@mail.gmail.com>
<CAH99vakZLWe_auKb0iuKY0EJn2wWT13bThY-y5Y5O0u+AWRj3g@mail.gmail.com>
<CAPS+U99pnqrGiYb-1MMf_GjR2eCiwaX3MvDHX3kGjepEf0=4nQ@mail.gmail.com>
From: slush <slush@centrum.cz>
Date: Fri, 8 Aug 2014 04:22:42 +0200
X-Google-Sender-Auth: GG3l5YfTWQ-GqU36Qf8do9UxINE
Message-ID: <CAJna-HiGtOt5x4gw7Ea8XP1zQM32H9PmyQOuu7ekNfN4E7BCfA@mail.gmail.com>
To: Pedro Worcel <pedro@worcel.com>
Content-Type: multipart/alternative; boundary=001a11368e800e0fc3050014e36e
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(slush[at]centrum.cz)
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1XFZpt-0005mN-TR
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Miners MiTM
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2014 02:23:19 -0000
--001a11368e800e0fc3050014e36e
Content-Type: text/plain; charset=ISO-8859-1
Although 140 BTC sounds scary, actually it was very minor issue and most of
miners aren't even aware about it.
TLS would probably make the attack harder, that's correct. However if
somebody controls ISP routers, then MITM with TLS is harder, yet possible.
slush
On Fri, Aug 8, 2014 at 3:07 AM, Pedro Worcel <pedro@worcel.com> wrote:
>
> Seems to me that it would correctly mitigate the attack mentioned in the
> wired article. I am surprised that miners are not worried about losing
> their profits, I would personally be quite annoyed.
>
>
--001a11368e800e0fc3050014e36e
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Although 140 BTC sounds scary, actually it was very minor =
issue and most of miners aren't even aware about it.<div><br></div><div=
>TLS would probably make the attack harder, that's correct. However if =
somebody controls ISP routers, then MITM with TLS is harder, yet possible.<=
/div>
<div><br></div><div>slush<br><div class=3D"gmail_extra"><br><br><div class=
=3D"gmail_quote">On Fri, Aug 8, 2014 at 3:07 AM, Pedro Worcel <span dir=3D"=
ltr"><<a href=3D"mailto:pedro@worcel.com" target=3D"_blank">pedro@worcel=
.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D""><div style=
=3D"font-family:verdana,sans-serif"><br></div></div><div style=3D"font-fami=
ly:verdana,sans-serif">
Seems to me that it would correctly mitigate the attack mentioned in the wi=
red article. I am surprised that miners are not worried about losing their =
profits, I would personally be quite annoyed.<br>
</div><div style=3D"font-family:verdana,sans-serif"><br></div></div></block=
quote></div></div></div></div>
--001a11368e800e0fc3050014e36e--
|