summaryrefslogtreecommitdiff
path: root/c1/20e212c6d6c3993144bd8899f56b33af703fc9
blob: c64f90faf21b6e9c1d7d2f68f8a0baa8ef999d8b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 2921DA97
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 30 Jun 2016 18:25:50 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f51.google.com (mail-wm0-f51.google.com [74.125.82.51])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3226711D
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 30 Jun 2016 18:25:49 +0000 (UTC)
Received: by mail-wm0-f51.google.com with SMTP id r201so130706014wme.1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 30 Jun 2016 11:25:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=voskuil-org.20150623.gappssmtp.com; s=20150623;
	h=mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to;
	bh=9/QalzsQk548Z6ibdcOLSizLBUGXNo7fyhUzlyNenoo=;
	b=aICYIsBlr9x6sTNIsRe/rLJP81w+Azpaieo/1MpNglYP3mJah9XrMQkou+9AdYQ83h
	mYSJgorpU+8J+Xtk3ILnA53Wz1ZTJbrQgOI+oQfDPCAnVinejFMfolef6/52+sRUviP7
	aIIWcfCSBWQbK7RvhM3eDc7oTi+VhwrQM2Zk+z5jmR3jg2B4ldAqUvxVUsc/iZFlga3t
	xykPPccPTDGbgaWAoJ+4htSlJlD7iNikYGnpARpadrKzlqs5Ufrk7dOjemdR5rhCRiW6
	fIUNTEnPhEQS1kGdN8Da3yd6+L/bzG8nK7bbSl48ortzaaUtH8V1Lgpw++b39o+q4SXA
	sGwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to;
	bh=9/QalzsQk548Z6ibdcOLSizLBUGXNo7fyhUzlyNenoo=;
	b=FXYjkT9QH9URVfybyD42tUa0A4YViSdP3EMUTxxmw7KICje6O9p1E0Z2GnGFjcUjCr
	mXfdGZbEshZZnIDBMlTPjHCu16B868GIafmQ6rlNUXiuU9f4T6FYUifTF+wzlsWUGT2Q
	8htjVhzqfFI6E87dtiyoS77Kanjc9VJII3BshfvPC6FyKchKa7rJe0KpJw9oADdYXu1b
	J2OkbdjhOv5J+niNQyjfcuw6M2riY8JT3wKrQop2pyuf5k5O2m2H3H4nJ/afnr6sGEFR
	lCSO9NzGc4Hqrf2LO3sn1MYGVHER3e5dGDHuYJQpi7HnETx6x/4KSWzpChqmDx3ycDDG
	3ffQ==
X-Gm-Message-State: ALyK8tISfwiyMQea4pJudQvNCXNPXbjDQdw/da1MYgl/2pE3e3IbQs/lnDksM2MAYnw83g==
X-Received: by 10.194.88.5 with SMTP id bc5mr16474295wjb.100.1467311147594;
	Thu, 30 Jun 2016 11:25:47 -0700 (PDT)
Received: from [197.161.189.105] ([197.161.189.105])
	by smtp.gmail.com with ESMTPSA id
	jf3sm4733101wjb.41.2016.06.30.11.25.46
	(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 30 Jun 2016 11:25:46 -0700 (PDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Eric Voskuil <eric@voskuil.org>
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <20160630165227.GA5816@fedora-21-dvm>
Date: Thu, 30 Jun 2016 20:25:45 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <663B51FE-D8D5-4570-ACA6-D1405D98C773@voskuil.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
	<1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
	<577234A4.3030808@jonasschnelli.ch>
	<360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
	<20160629111728.GO13338@dosf1.alfie.wtf>
	<2981A919-4550-4807-8ED9-F8C51B2DC061@voskuil.org>
	<57750EAB.3020105@jonasschnelli.ch>
	<426C2AA3-BFB8-4C41-B4DF-4D6CC11988B2@voskuil.org>
	<577513DB.60101@jonasschnelli.ch>
	<F4BDD091-FD80-4EE9-93EF-735B6BBE253C@voskuil.org>
	<20160630165227.GA5816@fedora-21-dvm>
To: Peter Todd <pete@petertodd.org>
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, MIME_QP_LONG_LINE,
	RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 18:25:50 -0000



> On Jun 30, 2016, at 6:52 PM, Peter Todd <pete@petertodd.org> wrote:
>=20
>> On Thu, Jun 30, 2016 at 05:22:08PM +0200, Eric Voskuil via bitcoin-dev wr=
ote:
>>=20
>>> On Jun 30, 2016, at 2:43 PM, Jonas Schnelli <dev@jonasschnelli.ch> wrote=
:
>>>=20
>>>>>> The core problem posed by BIP151 is a MITM attack. The implied soluti=
on (BIP151 + authentication) requires that a peer trusts that another is not=
 an attacker.
>>>>>=20
>>>>> BIP151 would increase the risks for MITM attackers.
>>>>> What are the benefits for Mallory of he can't be sure Alice and Bob ma=
y
>>>>> know that he is intercepting the channel?
>>>>=20
>>>> It is not clear to me why you believe an attack on privacy by an anonym=
ous peer is detectable.
>>>=20
>>> If Mallory has substituted the ephemeral keys in both directions, at the=

>>> point where Alice and Bob will do an authentication, they can be sure
>>> Mallory is listening.
>>=20
>> I understand the mechanics of a tunnel between trusting parties that have=
 a secure side channel. But this assumes that no other peer can connect to t=
hese two nodes. How then do they maintain the chain?
>>=20
>> The "middle" in this sense does not have to be the wire directly between t=
hese two peers. It can be between either of them and any anonymous connectio=
n they (must) allow.
>>=20
>> Of course this creates pressure to expand their tunnel. Hence the problem=
 of expanding node identity in an effort to preserve privacy. The protection=
 will remain weak until the entire network is "secure". At that point it wou=
ld necessarily be a private network.
>>=20
>> As Pieter rightly observes, there are and always will be tunnels between t=
rusting nodes. Often these are groups of nodes that are in collaboration, so=
 logically they are one node from a system security standpoint. But if peopl=
e become generally reliant on good node registration, it will become the reg=
istrar who controls access to the network. So my concern rests I this propos=
al becoming widely adopted.
>=20
> To be clear, are you against Bitcoin Core's tor support?
>=20
> Because node-to-node connections over tor are encrypted, and make use of o=
nion
> addresses, which are self-authenticated in the exact same way as BIP151 pr=
oposes.

BIP151 is self-admittedly insufficient to protect against a MITM attack. It p=
roposes node identity to close this hole (future BIP required). The yet-to-b=
e-specified requirement for node identity is the basis of my primary concern=
. This is not self-authentication.

> And we're shipping that in production as of 0.12.0, and by default Tor oni=
on support is enabled and will be automatically setup if you have a recent v=
ersion of Tor installed.
>=20
> Does that "create pressure to expand node identity"?

The orthogonal question of whether Tor is safe for use with the Bitcoin P2P p=
rotocol is a matter of existing research.

e=