Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XJuFE-0006rr-JW for bitcoin-development@lists.sourceforge.net; Wed, 20 Aug 2014 00:59:20 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.169 as permitted sender) client-ip=209.85.216.169; envelope-from=will.yager@gmail.com; helo=mail-qc0-f169.google.com; Received: from mail-qc0-f169.google.com ([209.85.216.169]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XJuFD-0007UB-RJ for bitcoin-development@lists.sourceforge.net; Wed, 20 Aug 2014 00:59:20 +0000 Received: by mail-qc0-f169.google.com with SMTP id c9so7095517qcz.0 for ; Tue, 19 Aug 2014 17:59:14 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.229.184.9 with SMTP id ci9mr72885315qcb.11.1408496354360; Tue, 19 Aug 2014 17:59:14 -0700 (PDT) Received: by 10.140.51.37 with HTTP; Tue, 19 Aug 2014 17:59:14 -0700 (PDT) In-Reply-To: References: <0C0EF7F9-DBBA-4872-897D-63CFA3853726@ricmoo.com> <33D4B2E3-DBF0-444E-B76A-765C4C17E964@ricmoo.com> <53F37635.5070807@riseup.net> <53F38AC9.4000608@corganlabs.com> <53F3DFF7.9070709@jrn.me.uk> <3476b0a1-e08a-46bf-9ee4-ef56fcb02d72@email.android.com> Date: Tue, 19 Aug 2014 19:59:14 -0500 Message-ID: From: William Yager Cc: Bitcoin Development Content-Type: multipart/alternative; boundary=001a11331fb6de9fd80501051c45 X-Spam-Score: 0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (will.yager[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.2 MISSING_HEADERS Missing To: header 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XJuFD-0007UB-RJ Subject: Re: [Bitcoin-development] Proposal: Encrypt bitcoin messages X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Aug 2014 00:59:20 -0000 --001a11331fb6de9fd80501051c45 Content-Type: text/plain; charset=UTF-8 What, exactly, do we hope to achieve from having end-to-end encryption? Even if it worked perfectly, it wouldn't be very useful. But it won't work perfectly, because we don't have any method of authentication. The bitcoin network is trivially MITMable. It's designed to work even in the face of that, but any encryption we implement will just get blown away by anyone who cares enough to stand in the middle of two nodes. As far as I can see, we get a microscopic obfuscatory advantage over a very weak passive attacker, at the cost of hugely increased software complexity (and possibly increased CPU time). So again; what do we hope to achieve? Why bother? Not a lot of sensitive information is transmitted in the clear. The little information that might be considered sensitive is better protected by anonymization (a la Tor), not encryption. --001a11331fb6de9fd80501051c45 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
What, exactly, do we hope to achieve from having end-to-en= d encryption?=C2=A0

Even if it worked perfectly, it woul= dn't be very useful.=C2=A0

But it won't wo= rk perfectly, because we don't have any method of authentication. The b= itcoin network is trivially MITMable. It's designed to work even in the= face of that, but any encryption we implement will just get blown away by = anyone who cares enough to stand in the middle of two nodes.

As far as I can see, we get a microscopic obfuscatory a= dvantage over a very weak passive attacker, at the cost of hugely increased= software complexity (and possibly increased CPU time).

So again; what do we hope to achieve? Why bother? Not a lot of sensiti= ve information is transmitted in the clear. The little information that mig= ht be considered sensitive is better protected by anonymization (a la Tor),= not encryption.
--001a11331fb6de9fd80501051c45--