MIME-Version: 1.0
References: <56F2B51C.8000105@jonasschnelli.ch> <2590065.B4dTBeyc1A@garp>
	<56F586B4.8020507@jonasschnelli.ch> <4517402.JLxTDjem5X@garp>
In-Reply-To: <4517402.JLxTDjem5X@garp>
From: James MacWhyte <macwhyte@gmail.com>
Date: Sat, 26 Mar 2016 23:23:54 +0000
Message-ID: <CAH+Axy7cyZXzAHE7bfGxyMF8oxy=hpOW9nFd5KiLnVab3b=qCA@mail.gmail.com>
To: Tom <tomz@freedommail.ch>, bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary=001a113d5edcb53448052efbf9c9
Subject: Re: [bitcoin-dev] p2p authentication and encryption BIPs
Precedence: list

--001a113d5edcb53448052efbf9c9
Content-Type: text/plain; charset=UTF-8

On Sat, Mar 26, 2016 at 1:34 AM Tom via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Friday 25 Mar 2016 19:43:00 Jonas Schnelli via bitcoin-dev wrote:
> > An encrypted channel together with a trusted full node would finally
> > allow to have a secure and save SPV communication.
>
> I guess my question didn't get across.
>
> Why would you want to make your usecase do connections over the peer2peer
> (net.cpp) connection at all?
>
> Mixing messages that are being sent to everyone and encrypted messages is
> asking for trouble.
> Making your private connection out-of-band would work much better.
>
>
I agree doing it out-of-band is the easiest solution for people who need
this privacy right now, but I do like the idea of adding this feature as
the number of SPV wallets is going to increase. I think the best way to
organize things would be to give encrypted messages their own port number,
similar to how http vs. https works.

We don't want two networks to develop, separated by which nodes support
encryption and which don't, so ideally nodes would rebroadcast messages
they receive on both (encrypted and non-encrypted) channels. This would
essentially double the required bandwidth of the network, which is
something to think about.


> > > Also, you didn't actually address the attack-vector.
> >
> > Which attack-vector?
>
> The statistical attack I mentioned earlier.  Which comes from knowing which
> plain text messages are being sent over the encrypted channel, So as long
> as
> you keep saying you want to encrypt data that identical copies of are being
> sent to other nodes at practically the same time, you will keep being
> vulnerable to that.
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--001a113d5edcb53448052efbf9c9
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><br><div class=3D"gmail_quote"><div dir=3D"ltr">On Sat=
, Mar 26, 2016 at 1:34 AM Tom via bitcoin-dev &lt;<a href=3D"mailto:bitcoin=
-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&g=
t; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex">On Friday 25 Mar 2016 19:=
43:00 Jonas Schnelli via bitcoin-dev wrote:<br>
&gt; An encrypted channel together with a trusted full node would finally<b=
r>
&gt; allow to have a secure and save SPV communication.<br>
<br>
I guess my question didn&#39;t get across.<br>
<br>
Why would you want to make your usecase do connections over the peer2peer<b=
r>
(net.cpp) connection at all?<br>
<br>
Mixing messages that are being sent to everyone and encrypted messages is<b=
r>
asking for trouble.<br>
Making your private connection out-of-band would work much better.<br>
<br></blockquote><div><br></div><div>I agree doing it out-of-band is the ea=
siest solution for people who need this privacy right now, but I do like th=
e idea of adding this feature as the number of SPV wallets is going to incr=
ease. I think the best way to organize things would be to give encrypted me=
ssages their own port number, similar to how http vs. https works.<br><br>W=
e don&#39;t want two networks to develop, separated by which nodes support =
encryption and which don&#39;t, so ideally nodes would rebroadcast messages=
 they receive on both (encrypted and non-encrypted) channels. This would es=
sentially double the required bandwidth of the network, which is something =
to think about.</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
&gt; &gt; Also, you didn&#39;t actually address the attack-vector.<br>
&gt;<br>
&gt; Which attack-vector?<br>
<br>
The statistical attack I mentioned earlier.=C2=A0 Which comes from knowing =
which<br>
plain text messages are being sent over the encrypted channel, So as long a=
s<br>
you keep saying you want to encrypt data that identical copies of are being=
<br>
sent to other nodes at practically the same time, you will keep being<br>
vulnerable to that.<br>
<br>
<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div></div>

--001a113d5edcb53448052efbf9c9--