1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 73547899
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 18:35:31 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 343C32D4
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 18:35:30 +0000 (UTC)
Received: by mail-wm0-f44.google.com with SMTP id r201so40334444wme.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 11:35:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=voskuil-org.20150623.gappssmtp.com; s=20150623;
h=mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=Ft9O8t8gE9MPHiosnS2uQBNMncPSOyPuJH9OKp1haUU=;
b=DqeAEeSgnzEU2MHhWs9vW+OYSx7lALd3N0rSEMmM+eZ/whIv8gd2YVYciXBr9RGl2Z
zYcRVapLWvAxd9/vxFJNwIjqsHoL/AcWPd/07+GFfT+tHuDKlygoq9rUw6/7kGKTIsNj
Dq3Qphh/rzg0yazyTtei+NtYrLAwRchH9R2sTl3CRMOL/8Y5ddR/srZqV3k4ixdMrUN1
FniZUjVFGHN8ijH+L+3Q/GQsjv3l80RVimIG2EgOFoUkhiouOvyeL64Glg712lz2Mwif
FwMsKOBkrKLWc5bHuP1U8Xv+/QILA0IKB4O7DWoLx4dar1Sm6XTwBDpEV6DCdnORhXS6
lK4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=Ft9O8t8gE9MPHiosnS2uQBNMncPSOyPuJH9OKp1haUU=;
b=l6hjVqetpNpZ5+6e/hkgovQv4wFoTE1UVkzOklHubmlDpar8sKHbvxgVgZv063tpSx
HK91pKRbS0n5W6DhXLkmwt3VmeOTUkpOgZbuCwGzuWGhRfUYCtAFRAN9NAB1Dp8tFsrk
0FVrdXbjDIeZOoWI2o0z1NVp6MwAK3mug6zWhIYxW7CBJTp4+yoiFx3HQYxZs1DsX3DP
fERuyA2W8KlB+O8QSmvepqF7gYua5yDE9WCBV13JK0RlyWsUCWmZewYcNeCEYZCgvplt
3Fy6IKULaCzNw1UEZ6sEFfKP50gdiU1udwmm7d6V1NC4drvaS7Uc6R3zYXF6Mxxlu45u
myAg==
X-Gm-Message-State: ALyK8tL6FfoDh/SxKM0tzHOfwvG/8kAMOxcgQoRXY2vCy5grnH/FbL7fYbyOqCRcpINCeg==
X-Received: by 10.28.66.204 with SMTP id k73mr16963801wmi.20.1467138928826;
Tue, 28 Jun 2016 11:35:28 -0700 (PDT)
Received: from [10.114.7.71] ([41.33.219.254])
by smtp.gmail.com with ESMTPSA id p191sm249290wme.7.2016.06.28.11.35.27
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 28 Jun 2016 11:35:28 -0700 (PDT)
Content-Type: text/plain;
charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Eric Voskuil <eric@voskuil.org>
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <20160628182202.GA5519@fedora-21-dvm>
Date: Tue, 28 Jun 2016 20:35:26 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <D40F9E9D-DB6C-4083-A9E8-C5EBC363DB30@voskuil.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
<1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
<577234A4.3030808@jonasschnelli.ch>
<360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
<20160628182202.GA5519@fedora-21-dvm>
To: Peter Todd <pete@petertodd.org>
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, MIME_QP_LONG_LINE,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2016 18:35:31 -0000
Hi Peter,
What in this BIP makes a MITM attack easier (or easy) to detect, or increase=
s the probability of one being detected?
e
> On Jun 28, 2016, at 8:22 PM, Peter Todd <pete@petertodd.org> wrote:
>=20
> On Tue, Jun 28, 2016 at 06:45:58PM +0200, Eric Voskuil via bitcoin-dev wro=
te:
>>> 1) Transaction censorship
>>> ISPs, WIFI provider or any other MITM, can holdback/censor unconfirmed
>>> transactions. Regardless if you are a miner or a validation/wallet node.=
>>>=20
>>> 2) Peer censorship
>>> MITM can remove or add entries from a "addr" message.
>>>=20
>>> 3) Fingerprinting
>>> ISPs or any other MITM can intercept/inject fingerprinting relevant
>>> messages like "mempool" to analyze the bitcoin network.
>>=20
>> Encryption alone cannot protect against a MITM attack in an anonymous and=
permissionless network. This is accepted in the BIP (and your follow-up rep=
ly).
>=20
> Being able to easily detect MITM attacks is a _huge_ step forward that
> shouldn't be underestimated; even if 99% of users aren't in a position to
> detect the MITM you only need a small subset of users that do the necessar=
y
> checks to alert the wider community, who can then respond with stronger
> security measures. Those measures are likely to be more costly - authentic=
ated
> systems are significantly harder than not - so better to save your efforts=
> until the need for them is more obvious.
>=20
> Also the fact that an attack has a reasonable probability of detection is a=
big
> disincentive for many types of attackers - note how one of the things reve=
aled
> in the Snowden leaks was the fact that the NSA generally tries quite hard t=
o
> avoid tipping off targets to the fact that they're being surveilled, with a=
> myriad of carefully scripted policies to control when and how exploits are=
used
> against targets.
>=20
> --=20
> https://petertodd.org 'peter'[:-1]@petertodd.org
|