Return-Path: <eric@voskuil.org>
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
 by lists.linuxfoundation.org (Postfix) with ESMTP id DA68EC0051
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 24 Aug 2020 20:33:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by hemlock.osuosl.org (Postfix) with ESMTP id C4B6488320
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 24 Aug 2020 20:33:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id a4gxCCt7Il4t
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 24 Aug 2020 20:33:48 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com
 [209.85.216.47])
 by hemlock.osuosl.org (Postfix) with ESMTPS id A55B788301
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 24 Aug 2020 20:33:48 +0000 (UTC)
Received: by mail-pj1-f47.google.com with SMTP id n3so193118pjq.1
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Mon, 24 Aug 2020 13:33:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=voskuil-org.20150623.gappssmtp.com; s=20150623;
 h=content-transfer-encoding:from:mime-version:subject:date:message-id
 :references:cc:in-reply-to:to;
 bh=gCMEnYmqnUT0FE6ixSVjSyJ5w0cGUQH2u76EuEaN+4Q=;
 b=pASqSd2L5G1ztFLdRcPXJbNmedi6UwL6kw2liaAf951orUf62nA1ZgRi6Ar1O5581o
 Vgg8UwdTNmExbtcKMwUEgsANxxH1Xb0BIpx1UfaKBFijC6k+I29/r7qnmGmu4N9JWJzJ
 Bp8GZj8bi1oc6/HU87WLsx/nY4CgG7YgLTjpb9XGIvW5e5hIa3Oh1+VYDvzwOsgvalpt
 6t7e+lwfgceo0F4GX2i93VdPYMOaCRRSj89qi+PPlT3fus+/w1q4RV1UP3+KaPN780yD
 q0bUxnePtrWYVdAUhUtgktkQkvwoLjRprjpuQlDpQdGwh/0w3G9CSh+86ck9u6VzKgkc
 pX6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:content-transfer-encoding:from:mime-version
 :subject:date:message-id:references:cc:in-reply-to:to;
 bh=gCMEnYmqnUT0FE6ixSVjSyJ5w0cGUQH2u76EuEaN+4Q=;
 b=qMZxmy0COWXRiDa9KnznMzq4LuckZsqcRhUPFrsHzsUiYjCIGrQYNcTGp7DBCYrv4H
 KeJO7y264a8OTgFQNTgogBKDsdCQ3Zrx7QiY5M67j9l1J++AOFd8C35JhFqw+ClRKDS8
 /h2sX6H8YJ/rPthrBUVnNcc2tWVQ0cEZFLhYTdSwKvBVBfgHmZb17qYpsinTC6Zhe7UC
 ZT6Or7qkIaVCJqB3KAnJxSmiwwLvJdxDjDNG7bFHHTntIvSJYjqFDvF258avvC1xKNtl
 l6X/35wowTm/IgcdOI6gzPMZj3+N7GH5TYQTyO2pJ1x+Bsa5lrZtLAE70cM1dcSH8mk1
 675w==
X-Gm-Message-State: AOAM533+N9illR4R8ppZcaGCkIRRjDGqOXQSfY/VcCaieu3qSO9yFXWM
 X0ymhxOi1sNkenE8eLbj/e6wgQ==
X-Google-Smtp-Source: ABdhPJyRx/JOj5tRtDap7U4gfJEfWw8xW5PsYnSG4fR9sdccFqBmlBgKKn5ZhupU0pQJa4iMT5dwKg==
X-Received: by 2002:a17:90b:784:: with SMTP id l4mr774024pjz.96.1598301228148; 
 Mon, 24 Aug 2020 13:33:48 -0700 (PDT)
Received: from ?IPv6:2600:380:705e:6b65:8d01:1dee:2537:4ab1?
 ([2600:380:705e:6b65:8d01:1dee:2537:4ab1])
 by smtp.gmail.com with ESMTPSA id z15sm10656448pgz.13.2020.08.24.13.33.46
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Mon, 24 Aug 2020 13:33:47 -0700 (PDT)
Content-Type: multipart/alternative;
 boundary=Apple-Mail-643A9781-4A7F-48A5-9F56-2391D62C4996
Content-Transfer-Encoding: 7bit
From: Eric Voskuil <eric@voskuil.org>
Mime-Version: 1.0 (1.0)
Date: Mon, 24 Aug 2020 13:33:46 -0700
Message-Id: <B5077EB6-64CB-4067-96F0-5E11C074FE8C@voskuil.org>
References: <CAD5xwhiSf3isoMsVJiv5KQ3n5ymcS+StigkX_eDe5hmAGra-0Q@mail.gmail.com>
In-Reply-To: <CAD5xwhiSf3isoMsVJiv5KQ3n5ymcS+StigkX_eDe5hmAGra-0Q@mail.gmail.com>
To: Jeremy <jlrubin@mit.edu>
X-Mailer: iPhone Mail (17G80)
X-Mailman-Approved-At: Mon, 24 Aug 2020 20:36:22 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Generalizing feature negotiation when new p2p
	connections are setup
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2020 20:33:50 -0000


--Apple-Mail-643A9781-4A7F-48A5-9F56-2391D62C4996
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

I see no requirement for anything here apart from exchanging a list of suppo=
rted =E2=80=9Cfeatures=E2=80=9D. Conditionally hiding a feature provides no b=
enefit. Any peer that wants it can get it (obfuscation being weak security),=
 and otherwise it=E2=80=99s a non-issue.

e

> On Aug 24, 2020, at 13:22, Jeremy <jlrubin@mit.edu> wrote:
>=20
>> On Mon, Aug 24, 2020 at 1:17 PM Eric Voskuil <eric@voskuil.org> wrote:
>> I said security, not privacy. You are in fact exposing the feature to any=
 node that wants to negotiate for it. if you don=E2=80=99t want to expose th=
e buggy feature, then disable it. Otherwise you cannot prevent peers from ac=
cessing it. Presumably peers prefer the new feature if they support it, so t=
here is no need for this complexity.
>=20
> I interpreted " This seems to imply a security benefit (I can=E2=80=99t di=
scern any other rationale for this complexity). It should be clear that this=
 is no more than trivially weak obfuscation and not worth complicating the p=
rotocol to achieve.", to be about obfuscation and therefore privacy.
>=20
> The functionality that I'm mentioning might not be buggy, it might just no=
t support peers who don't support another feature. You can always disconnect=
 a peer who sends a message that you didn't handshake on (or maybe we should=
 elbow bump given the times).

--Apple-Mail-643A9781-4A7F-48A5-9F56-2391D62C4996
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div dir=3D"ltr">I see no requirement for a=
nything here apart from exchanging a list of supported =E2=80=9Cfeatures=E2=80=
=9D. Conditionally hiding a feature provides no benefit. Any peer that wants=
 it can get it (obfuscation being weak security), and otherwise it=E2=80=99s=
 a non-issue.</div><div dir=3D"ltr"><br></div><div dir=3D"ltr">e</div><div d=
ir=3D"ltr"><br></div><div dir=3D"ltr"><blockquote type=3D"cite">On Aug 24, 2=
020, at 13:22, Jeremy &lt;jlrubin@mit.edu&gt; wrote:<br></blockquote></div><=
blockquote type=3D"cite"><div dir=3D"ltr"><div dir=3D"ltr"><br><div class=3D=
"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, Aug 24, 2020 at 1=
:17 PM Eric Voskuil &lt;<a href=3D"mailto:eric@voskuil.org">eric@voskuil.org=
</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0=
px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><d=
iv dir=3D"auto"><div dir=3D"ltr">I said security, not privacy. You are in fa=
ct exposing the feature to any node that wants to negotiate for it. if you d=
on=E2=80=99t want to expose the buggy feature, then disable it. Otherwise yo=
u cannot prevent peers from accessing it. Presumably peers prefer the new fe=
ature if they support it, so there is no need for this complexity.</div></di=
v></blockquote><div><br></div><div style=3D"font-family:arial,helvetica,sans=
-serif;font-size:small;color:rgb(0,0,0)" class=3D"gmail_default">I interpret=
ed<b> "<span class=3D"gmail-im">
This seems to imply a security benefit (I can=E2=80=99t discern any other=20=

rationale for this complexity). It should be clear that this is no more=20
than trivially weak obfuscation and not worth complicating the protocol=20
to achieve.</span>", </b>to be about obfuscation and therefore privacy.</div=
><div style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:=
rgb(0,0,0)" class=3D"gmail_default"><br></div><div style=3D"font-family:aria=
l,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)" class=3D"gmail_defa=
ult">The functionality that I'm mentioning might not be buggy, it might just=
 not support peers who don't support another feature. You can always disconn=
ect a peer who sends a message that you didn't handshake on (or maybe we sho=
uld elbow bump given the times).<br></div><div style=3D"font-family:arial,he=
lvetica,sans-serif;font-size:small;color:rgb(0,0,0)" class=3D"gmail_default"=
><b></b></div></div></div>
</div></blockquote></body></html>=

--Apple-Mail-643A9781-4A7F-48A5-9F56-2391D62C4996--