Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6DE2FA1A for ; Tue, 28 Jun 2016 21:36:02 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f43.google.com (mail-vk0-f43.google.com [209.85.213.43]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D07201C6 for ; Tue, 28 Jun 2016 21:36:01 +0000 (UTC) Received: by mail-vk0-f43.google.com with SMTP id j3so40734995vkb.0 for ; Tue, 28 Jun 2016 14:36:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=ANR8HgBzEPtFWIL3i76sG2XxLtHKlE5/BzFBMio5FWk=; b=R3US1DRgnp2I74r2GBdVSJcI3WZO97lBwMfCQLCKCnMrAKz7W8oLM4tS7Q9o81i+hE zqL5E1Klus8515sfzpousRC9hZmweG7luupTftwDNVnWsTPAkvqIRrUnigZeigYTns8l P7DEoe1R74ntLaXYao3k0FtHihB2CET8uE5d0mrCUTU0uEcuO1VJ2haiI02rXvVo4DyF zXol8H8ybwA3fVeGzG/lNJJNmkNDZtcISOFn+ONqXUJbsyWXU2u29gswJKoESAYMcKxw aF12ICJd/fZyaR/tDew5ysATARDJ+V1C+++FdotxVu52H2VSb72KMzlDK/cGY42jWnaI Rp4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=ANR8HgBzEPtFWIL3i76sG2XxLtHKlE5/BzFBMio5FWk=; b=ImSCMn/0xsoSOTuRvUmPKNT/idJ7tmgTl7Au1xWqZI+6L5cd1iTzIXij6a68byiky6 RdHAJjH/IA6hmBUxuDFykqO7gJ/IuwZ7X2xUi2Gq5PZyG9YsMuRgYmuxLpHOmty0MzCw pJk8BkeGm3xe5k7n2jkn5EhP5AichV5dRLWwbfx+Zltl7DoIebv1hIjP7qdL6mdgtGPf kbtcGvkSaciHPq9B0Stueme6dBkeeopf2GuXZ46IQjghshYPyd9OOFwmIcMzZko2EBdT 79HikgCZqk5EhkxLrZj+I9MNjtps7GrjeY+bbTIbSkDtLlv8FjzqhCfDOiOA7HrfeI1E M8eA== X-Gm-Message-State: ALyK8tIHkKMaSkHFPHXIr4tvNmre3m8q5vf3bsp3ar6rO+9KAfJHkCZLcmZHSDPgku+wbcbIEgVH1B9PntmG0Q== X-Received: by 10.176.64.202 with SMTP id i68mr1753045uad.69.1467149760844; Tue, 28 Jun 2016 14:36:00 -0700 (PDT) MIME-Version: 1.0 Sender: gmaxwell@gmail.com Received: by 10.103.94.67 with HTTP; Tue, 28 Jun 2016 14:36:00 -0700 (PDT) In-Reply-To: References: <87h9cecad5.fsf@rustcorp.com.au> <1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org> <577234A4.3030808@jonasschnelli.ch> <360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org> <20160628182202.GA5519@fedora-21-dvm> <20160628201447.GA1148@fedora-21-dvm> <4DCF7DD2-6533-4F79-8CA1-871B67C01BDA@voskuil.org> <20160628203605.GA1328@fedora-21-dvm> From: Gregory Maxwell Date: Tue, 28 Jun 2016 21:36:00 +0000 X-Google-Sender-Auth: IAwHSXHN1iFmQr9_iOFfD_DGojs Message-ID: To: Eric Voskuil , Bitcoin Protocol Discussion Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] BIP 151 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2016 21:36:02 -0000 On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev wrote: > An "out of band key check" is not part of BIP151. It has a session ID for this purpose. > It requires a secure channel and is authentication. So BIP151 doesn't provide the tools to detect an attack, that requires authentication. A general requirement for authentication is the issue I have raised. One might wonder how you ever use a Bitcoin address, or even why we might guess these emails from "you" aren't actually coming from the NSA.