Return-Path: <eric@voskuil.org> Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 89B4392 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 23 Mar 2016 21:40:46 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf0-f173.google.com (mail-pf0-f173.google.com [209.85.192.173]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 043B1155 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 23 Mar 2016 21:40:45 +0000 (UTC) Received: by mail-pf0-f173.google.com with SMTP id 4so40333881pfd.0 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 23 Mar 2016 14:40:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=voskuil-org.20150623.gappssmtp.com; s=20150623; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to; bh=YCcJeFS3TWJ5EB6LzfDqrJiPDIj/hFzHJnTY+aEWYzM=; b=JbKUGOu/hwakwJ47GxFWV6ZaY0irmY0ETHB0GdlUQKtFHnE0TMWFtn3vN6rbe8FKkh UjW0J7quVbYne58czQ3QocqdYhSjV5rxwS/3zUPIWa9iHyjgX+hz/j7QOtYv4MxkIy6Y 3QHWxrxlqXp+BOBSERRlM/UeYRYo6nFEPBxFLlS38Jtas1g7Xgh1Ir47SewDE87asgTD LprNbUYL4NzJxvlLl13k39DHjRFawgtZ6nD9zWPGmjjEf7qMKawXfExAcnOeTB4TfSQY /YW+y/2eQFnRTw+SABsFgEw8wBdNFYjMrqzH8aYzPAkOHhsR4tg4vLpfGvPPGnbRxDv7 0//g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to; bh=YCcJeFS3TWJ5EB6LzfDqrJiPDIj/hFzHJnTY+aEWYzM=; b=hfKlItHmF0RmCJj+Ii4RPLlt2Pqom/r9qhUFRewHCrBNPa9qAt05uy+kp1nXuikEfu D20uPN1qQhMqKj8lbOYhruY2oj36QQqXTxO8oEv1E8lw6iZ9g9BS4gvLvjBg2xvGfdX/ eGdd9LQ5eeRliAwF14bzXj8W7tiX0CP1kHiXVvhf5/JOX/yxgZ/PeO5T/Kx85SVqcWfV t/nNqIQxZa7uRHqCYbp+zCHRmM71DGhJbFmTfOXodcG4fiGBnshXkOvhEYdp/aIWzmcx 5u1dJ4HiVLM14vixXrr/GKqV6KzMc0e1HTY0pxv/6tXQTZOn17/a/QDjubkdjtXewEQU nteg== X-Gm-Message-State: AD7BkJLiZJuHlbc/pE4RRANifpQnupyR252sVqmjSzkEKHVR/fWDshMRZ7E8flZ78CWsFw== X-Received: by 10.98.76.194 with SMTP id e63mr7553592pfj.89.1458769245624; Wed, 23 Mar 2016 14:40:45 -0700 (PDT) Received: from ?IPv6:2601:600:9001:8060:3846:59ef:850d:be23? ([2601:600:9001:8060:3846:59ef:850d:be23]) by smtp.googlemail.com with ESMTPSA id k88sm6325593pfj.0.2016.03.23.14.40.44 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 23 Mar 2016 14:40:44 -0700 (PDT) Message-ID: <56F30D62.4090409@voskuil.org> Date: Wed, 23 Mar 2016 14:40:50 -0700 From: Eric Voskuil <eric@voskuil.org> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Tom <tomz@freedommail.ch>, bitcoin-dev@lists.linuxfoundation.org References: <56F2B51C.8000105@jonasschnelli.ch> <1983116.UNQS71VxHo@garp> In-Reply-To: <1983116.UNQS71VxHo@garp> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="IMtfsljsmCuJiOdpeOw5OeuUdeQEdpAHV" X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 24 Mar 2016 00:40:40 +0000 Subject: Re: [bitcoin-dev] p2p authentication and encryption BIPs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Wed, 23 Mar 2016 21:40:46 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --IMtfsljsmCuJiOdpeOw5OeuUdeQEdpAHV Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 03/23/2016 01:36 PM, Tom via bitcoin-dev wrote: > On Wednesday 23 Mar 2016 16:24:12 Jonas Schnelli via bitcoin-dev wrote:= > * why would you not allow encryption on non-pre-approved connections? Agree > * we just removed (ssl) encryption from the JSON interface, how do you = suggest=20 > this encryption to be implemented without openSSL? CurveCP > * What is the reason for using the p2p code to connect a wallet to a no= de? > I suggest using one of the other connection methods to connect to the n= ode.=20 > This avoids a change in the bitcoin protocol for a very specific usecas= e. Agree, P2P and client-server protocols are distinct use-cases. Missing this distinction is the root cause of problems with the bloom filters feature. > * Why do you want to do a per-message encryption (wrapping the original= )?=20 > Smaller messages that contain predictable content and are able to be ma= tched=20 > to the unencrypted versions on the wire send to other nodes will open t= his=20 > scheme up to various old statistical attacks. Privacy cannot currently be achieved unless the server is trusted. In most wallet scenarios that's not a reasonable assumption unless one controls the full node. So this is only useful in the case where the wallet is trusting a remote server, and as you point out - message encryption is weak in this case. In a trustless server scenario encryption would be unnecessary overhead. >> Responding peers must ignore (banning would lead to fingerprinting) th= e=20 > requesting peer after 5 unsuccessfully authentication tries to avoid re= source=20 > attacks. >=20 > Any implementation of that kind would itself again be open to resource = > attacks. > Why 5? Do you want to allow a node to make a typo? Agree, denial of service protection can and should be much more flexible than this. It's not necessary to incorporate DoS protection into a protocol. I think maybe this stems from the ill-advised attempt at messaging reliability. >> To ensure that no message was dropped or blocked, the complete communi= cation=20 > must be hashed (sha256). Both peers keep the SHA256 context of the encr= yption=20 > session. The complete <code>enc</code> message (leaving out the hash it= self)=20 > must be added to the hash-context by both parties. Before sending a=20 > <code>enc</code> command, the sha256 context will be copied and finaliz= ed. >=20 > You write "the complete communication must be hashed" and every message= has a=20 > hash of the state until it is at that point. > I think you need to explain how that works specifically. Also, this gets into the area of messaging reliability. This is certainly not something I would recommend for a P2P protocol optimized for maintaining a cache of public data. e --IMtfsljsmCuJiOdpeOw5OeuUdeQEdpAHV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJW8w1iAAoJEDzYwH8LXOFOC4oH/29fZErxnsOsGBGroyQSwab3 2uBpl4p9ZdXk2gImWUWf7EwsHEoblCjdW62Z1/zRFdCPVj1r9VYNeupgv09tg38E OgiZgoxZnbmOjfK5VMU5qqX96v31/UOYmlbyYh2AZ1+3MVk1JK5RpamIp8roff2U uVZ9UBHEUwguyu4xUEShnevmWw7MWMrRPSHQlfsMnnGGis6sU45yaue5SDF+6XMZ k0lTkM5iptC71V+hOhvo9sK3QPz9Ty2wodOfHbbFDfJEqzCPcWdgulXx558fq5kE B3TTyLnkMrVe6R+U9Fa5XMmatII9eTUTu69ES0KjzsZvRW9gS1q5SCQFwPq9Fiw= =qHrZ -----END PGP SIGNATURE----- --IMtfsljsmCuJiOdpeOw5OeuUdeQEdpAHV--