summaryrefslogtreecommitdiff
path: root/36/72e80803abc48e9a501de0f7ad5aeda415ae91
blob: a11462bebee122cbd4b43ba1828e897f96709e5e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
Return-Path: <vitteaymeric@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 9270AAC8
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sun, 10 Nov 2019 00:23:09 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com
	[209.85.128.50])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BAB8F604
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sun, 10 Nov 2019 00:23:06 +0000 (UTC)
Received: by mail-wm1-f50.google.com with SMTP id u18so2119545wmc.3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 09 Nov 2019 16:23:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=subject:to:cc:references:from:openpgp:autocrypt:message-id:date
	:user-agent:mime-version:in-reply-to:content-language;
	bh=fLmM4YBpY4ZofC890ZiVMAYYp4bYo+VUAgvKJfTL1Rk=;
	b=GQfnRMf+PE6NxEwiy9I+xVr0tQLiLtxW5i6LFmU8iRYnf+j0LWLH1qlw23KSF0QVr0
	kaIaet2davdKrbC8mx19LGj9C7nlu8EZRn/urS+fQx2HRbScn+/9lBhOKaFHrJB7NAPQ
	R5SW2dytft8Q12jEafSSQACgydi9RV89sLLIFeVhbFibl4WR7yA6l197y3TlWP4xyJcd
	i/7zvOtNFULG9I2f0Fznch2gfwwaeHRml6Sp3EqfJflLYHyDKz0Va0C9/xHZ+/sRplLF
	S6nOk4ypvSzezE1EOr00/2Zx4TzDRIYtCa7lsXqPlXPR0hk7oomXJbZ70RwdADVeAuOy
	KATw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt
	:message-id:date:user-agent:mime-version:in-reply-to
	:content-language;
	bh=fLmM4YBpY4ZofC890ZiVMAYYp4bYo+VUAgvKJfTL1Rk=;
	b=ARbAmboRz8Kpj4uKotg3GvwspF5IGcanmcT3a+1noUJGhIc4/ZnFpbBJ1AZPvPm2MS
	X7o5ZdnB2O+lgAr1pnX0VirQL5p5YrAp0EJEgYa1Hrnx0tef6nxIit73MKp4//AtdqFn
	3ejtNerDCrZnJ/FvGsAtsMfMN2nDnJhHat5WiV1EMVZMHwQydRY31yDE9wEkX84fN+mz
	olhkWeTfoTcujbqToviAUiUgqPcdjCt/AdT5uCB0vwuU5uWXayXGB8jendlo1SdFIE9h
	B4vWZ0Q4AvCo6JDbbCsbAOrA/iVMSC5qdyViVwFvv9HTvBbq6aUd52916UrZZOE3JWd1
	U1/w==
X-Gm-Message-State: APjAAAWRZ3lEobBz3f3TGrwdoB1Ag7C8ZszZBhQlHE43fbkSz7c3oljz
	6F2mPJAbSShDe/ukhiEfFiE=
X-Google-Smtp-Source: APXvYqz7clNg8UKjRb+xGELh89oPeiHFhX8tosL1rWHohru5zQYC7/Khwn87SzIopDhyUK9FDCSPyg==
X-Received: by 2002:a7b:cf35:: with SMTP id m21mr14906717wmg.145.1573345385202;
	Sat, 09 Nov 2019 16:23:05 -0800 (PST)
Received: from ?IPv6:2a01:cb1d:44:6500:9d6d:71b2:cb71:cb17?
	([2a01:cb1d:44:6500:9d6d:71b2:cb71:cb17])
	by smtp.googlemail.com with ESMTPSA id
	d198sm4567387wmd.2.2019.11.09.16.23.02
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 09 Nov 2019 16:23:04 -0800 (PST)
To: LORD HIS EXCELLENCY JAMES HRMH <willtech@live.com.au>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
	Luke Dashjr <luke@dashjr.org>
References: <201911081507.40441.luke@dashjr.org>
	<PS2P216MB0179D441FBC93122CDE5354D9D7B0@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
	<b6ccd41b-3232-80d2-ab66-5ffa0f7abfac@gmail.com>
	<PS2P216MB0179591B9D8380B290BF4A5C9D7A0@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
	<256d3775-814a-02ad-8152-f2b689219653@gmail.com>
	<PS2P216MB0179B7D2ADEA7CB544F7F90C9D7A0@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
From: Aymeric Vitte <vitteaymeric@gmail.com>
Openpgp: preference=signencrypt
Autocrypt: addr=vitteaymeric@gmail.com; prefer-encrypt=mutual; keydata=
	mQINBFdW8uABEAC7HJScbB2d/lmYoY5Cn9loEjJwfLs1LC3om030bWFGiH3Ceo5XeHUT94rw
	Pi+HaHU8ea94425SXIFsnqp/ouoT/8Ffn6vED0OoRmK0jE4fqDApXSpoL2mHX9PAGdUItMtD
	YrxBiBZNfMkctEsm4NrQ4TCvB3Yrm6Fc69inXJjUoYgPw5tHafEeI8Qwh0j99JZZDKcAqIra
	JF3MPc59rATz0qOJtRP9EpsPVFwjJe13zN6CHILwiVgrL8EtT5WKCVO6ATxh60LHi8+MwPxV
	V31zp/NNI5Hck+XocEMO98ZvUu9X8ZxmnOk/+9pBxXEwUqSGUNWdmPJLncpI23Usce3u/MOo
	M2C4T4rD4J0XrXiyBvbeTvwq4qVNlyggeWzlBH+YpEYgDctPq4gNh4eoTtAkf8URtBeke5bQ
	CGdaZt/jxv8nvmxs9V/iSyg5ldJLQktHStXOo0OZ7FEB2C6Ggtymm4hm2MHYg07Q1MGJrFLa
	oJZkJ3JeXnVsZMam7ypQtld6rRa96CvH+llXwux6aQ5hKdzmBBMQ10LlkZhkExgTawbeqdiG
	RMP2DjD5go6TPdAHS4NN34SBkrTWLqgWOjN/lnG77bbLnpMl0P+xBTuqw1oSXaDbcdHE2nGY
	lRno/ZZIfr+1Bq56DZLBX/WpnAT4f5WtofL4CxQM9SbG6byyewARAQABtCJBeW1lcmljIFZp
	dHRlIDxheW1lcmljQHBlZXJzbS5jb20+iQI/BBMBCAApBQJXVvLgAhsjBQkJZgGABwsJCAcD
	AgEGFQgCCQoLBBYCAwECHgECF4AACgkQKh17NCYnrDm3WhAAlYmgtSmtfqjBvQMqkmtqiQJA
	aZkzFZWt6+zroduHH5/Tp8jh73gFqCUyRrl/kcKvs2+XQhfrOwk1R6OScF25bpnrZSeuyJnZ
	MZu4T0P2tGS8YdddQvWUHMtI9ZnQRuYmuZT23/hgj1JnukuGvGLeY0yDUa1xFffPN39shp5X
	FPMcpIVOV3bs+xjAdsyfRyO3qJAD1FGiR7ggJeoaxUbKZ6NtcVUPPRMjVTKfopkuDwKY318m
	BE0epfxSZ/iRhsJ0/sREUWgbgq4/QvCFwBKzgz7fTikGmf8OELWSdofmXs7gOtmMc3el8fJu
	W8PVa/OsIQHDmwSzvxmE8ba5M8bdwOYEraTWFArIymAAtRXKxmuYpkqKfeSlbCwae3W+pgNT
	8nKYRVAFlMtIxYkmPYyMTk9kCscmSqugGWbWdnqe/dhVaa31xa1qO1tDH24D2/tjCJRQt4Jk
	AEWNSmjCmjfeArMEFTGlZwMTAjVXErLSPbLOsZiZhD9sjvSbfzrtJiMli2h9+Dvds+AJk1PM
	O8LW7cCNyFoCk4OdAxzJHobZ25G+uy4NSQEHgxLC2iuh/tugz1tOHnQczPc/3AkVVI9A5DF1
	gbVRBJh6rI7sAcwuR76uoOs0Rpp7r6I66xqU/5eq8g1OsJp89tw0ppSIa0YmaxNqQZ0l3rVX
	o/ZwpBjtNQS5Ag0EV1by4AEQANhlz3Ywff4dY1HTdn05v0wVUxZzW2PUih+96m6EhpUrD9BT
	vxriKtbgxm/zl+5YAlThbrk9f0QyVTHJ95Z1/M5qjuksP9Zn3qZ/8ylANDkN2s3z8Bq/LJA+
	u7+APhMqyFWK0FqNCOogClvijiKPEzkU6tmDGO6wZ5pR/u8Fdq7DGQgwgyGZZc7qstte0M7l
	yx7bVRlPBqvd6kyX3YubQHzkctf46nFjiYZgKawdWFsA3PCdSBupbhixL5d/t1UK9ZTiQJcf
	0uhHzT06qwolFrm/ugkLDHtE4Zo3BuKch47Sms8P2hJ08gABxeJHg0ZgkIUy/Xf4nHbDCBJw
	T8tE8pWYWA2ECiPNo0TOCMVOueEzISUNKINfCuFHSbMQU39hgt3ofxODbAjOiO3e/iu1ptck
	AkuVBdtjOBP4tHRGxVrbf5EuAV5U5xtiSxMwMgojg0GIXZjnT/8uvWqcLqtJILRMmmu+WNvD
	oxuiJzcTJhDai9oujmxQwcpMvgrBB89KSTDyitO5XVjZqaR7Zxvvn3rM4bAms/lotv9+pTyh
	spazTIxb80u0ifJ6y1RxAkxQCfWwps1i3VbsM6OKX78aUyOf5V4ihXF57M37tOqPRwFvz6a+
	AIIhUNMTLo2H+o6Vw9qbX8SUxPHPs6YpJ8lWQJ9OMWHE+SbaDFAi/D5hYRubABEBAAGJAiUE
	GAEIAA8FAldW8uACGwwFCQlmAYAACgkQKh17NCYnrDmk4Q/9Fuu0h5HvIiO3ieYA2StdE7hO
	vv2THuesjJDsj6aQUTgknaxKptJogNe3dDyIT+FHxXmCw0Nrbm9Q3ryl80z/G9utfFNO3Gwc
	q31QW3n3LJHnpqdrV3WsRzT5NwJMVtiIAGRrX8ZomtarWHT0PeEHC2xBdFzRrJtmkrwer0Wc
	0nBzD7vk1XEXC9nODbmlgsesoHFgRwQBst3wClCbX1gv8aSfxQNpaf9UBC8DmyrQ621UXpBo
	PvcFEtWxV44vJfP0WOLCCN0Pzv2F2I66iKo7VMqbr5jlNAXJN9I1hXb7qwYJmBC9j5oeEoqv
	A9d44WWpxrdAr8qih4Nv89k9+9F6NoqORY3FGuVDKiW8CVhCmGT7bIvNeyicVBZFipXqPcKL
	VFduO2c5Ubc2npMWLUF1k9JJc9tH75l3+F/0RbYVTzGAZ+zSaudwR6h8YiCN2DBZGZkJEZbh
	3X/l6jtijMN/W9sPHyyKvm/TmeEC27S3TqZPZ8PUQLxZC70V6gMbenh01JdSQsn5t8Ru0RNh
	Blt0g7IyZyIKCE9b+TyzbYpX6qgqEBUHia5b0vyPtQacWQlZ8uqnghAqNkLluEsy7Q/7xG6M
	wXUYEDsFOmB9dKOzcAOIhpxlVjSKu5mzXJ11sEtE8nyF5NJ/riCA7FGcjlki3zIpzQUNo9v7
	vXl2h6Tivlk=
Message-ID: <64872879-885d-b7de-7224-73ab91a3bf12@gmail.com>
Date: Sun, 10 Nov 2019 01:23:03 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:60.0) Gecko/20100101
	Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <PS2P216MB0179B7D2ADEA7CB544F7F90C9D7A0@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
Content-Type: multipart/alternative;
	boundary="------------D4B42D5443B463A21A42AA27"
Content-Language: fr
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE, T_REMOTE_IMAGE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Sun, 10 Nov 2019 00:49:05 +0000
Cc: "security@bitcoincore.org" <security@bitcoincore.org>
Subject: Re: [bitcoin-dev] CVE-2017-18350 disclosure
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Nov 2019 00:23:09 -0000

This is a multi-part message in MIME format.
--------------D4B42D5443B463A21A42AA27
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit

Do not find excuses (and vague statements or technical bulls) and learn,
you don't know what you are talking about and don't get the global
picture, we don't care about the Tor network and they don't care about
others neither do they care that they increase their network, so indeed
let's stop this discussion


Just replying here (for the last time) because expecting more clever
thoughts about what I wrote, maybe one day... but for sure something
like this will happen in the future


Le 09/11/2019 à 21:21, LORD HIS EXCELLENCY JAMES HRMH a écrit :
> We do not need to discuss this back and forward publickly. I am not
> concerned whether Tors seems or is much centralised or not, it is not
> the concern of m statements, and it required directory nodes of which
> there are several and we could discuss the operation of its nodes and
> infrastructure all day, even comparing directory nodes to seed nodes.
> The fact is that browsing is the most common publicly understood usage
> of Tor but like with and without Tor the internet provides many services.
>
> It seems you have misunderstood the reason I reference making so many
> Tor nodes also but do not concern I will no reiterate. Also, whether
> Tor can provide for the bandwidth and connectivity required for
> Bitcoin you have not tested and provide only your opinion, where it
> seems that actually it can. The matter is that Tor carries Bitcoin
> traffic quite easily now and in fact as there is more Bitcoin traffic
> likely the Tor capacity increases in some proportion.
>
> Also, socks proxy is not a door in, it is a door out, do you realise
> but just works at a different network layer to HTTP proxy which works
> at layer 7 of the OSI model and Socks a bit lower?
>
> I have had some communication difficulty before where the native
> language is not English and although the communication happens in
> native English the though is still being formed in another language
> and so the presentation of the thought is not clear to the English
> presentation. Even if not this I do not consider wrong just that we
> write to consider not the same thing.
>
> Good day.
>
> Regards,
> LORD HIS EXCELLENCY JAMES HRMH
>
>
> ------------------------------------------------------------------------
> *From:* Aymeric Vitte <vitteaymeric@gmail.com>
> *Sent:* Sunday, 10 November 2019 6:33 AM
> *To:* LORD HIS EXCELLENCY JAMES HRMH <willtech@live.com.au>; Bitcoin
> Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>; Luke
> Dashjr <luke@dashjr.org>
> *Cc:* security@bitcoincore.org <security@bitcoincore.org>
> *Subject:* Re: [bitcoin-dev] CVE-2017-18350 disclosure
>  
>
> ???
>
>
> Well, you obviously don't know what you are talking about and did not
> even consider reading correctly what I wrote, neither to read node-Tor
>
>
> What you are saying here is quite trivial, typical of people thinking
> that the Tor network will solve everything and is not centralized (but
> you seem unsure about it), that's not the case, it's completely wrong
> and the "normal" use of the Tor network is for browsing only,
> basically the Tor network is still the same since years: 1000 guards,
> 1000 relays, 1000 exits (so not "hundreds", happier, and there are of
> course intersections between them, knowing that they are the supposed
> working nodes as tested by node-Tor), quite small at the end with
> finally many misbehaving nodes among the 3000 set, not at all able or
> willing to handle bitcoin nodes load
>
>
> Using bitcoin with the Tor network is absurd, using socks proxy with
> bitcoin is absurd too (I don't get the comparison with a http proxy,
> nothing to do),  except if limited to a local use, ie you socks proxy
> inside your device, for example to pipe to node-Tor, but this remains
> as a whole dangerous if the local proxy has been hacked, as we could
> see recently with malware Tor sw being used by people
>
>
> Using the Tor protocol for bitcoin is not absurd at all (do you
> understand the difference?) + browsers, webRTC, etc I will not repeat
> what I wrote
>
>
> Please do some readings or consider at least what I sent, or ask
> questions if what I am saying is unclear for you
>
>
> But from my standpoint the discussion on this list is not about
> explaining all of this that is probably well known by everybody but
> what can/could be next to anonymize/help anonymizing bitcoin
>
>  when required and make it a real p2p network
>
>
> Unfortunately I am afraid that we get moderated here because that's
> not the place to give basic lessons about Tor that you don't know
>
>
> Le 09/11/2019 à 12:42, LORD HIS EXCELLENCY JAMES HRMH a écrit :
>> Socks proxies have their use in controlled gateway infrastructure and
>> is a relevant feature for any software required to operate behind a
>> secure network boundary and allows for UDP connectivity (whether it
>> is utilised in any particular application) which a HTTP proxy does not.
>>
>> You are obviously not well abreast of the Tor project, regardless of
>> whether it seems centralised, whether it is or it isn't, the Tor
>> project is to allow anonymity and connection privacy. For this it
>> works very well and there seem to be hundreds of known Tor nodes, to
>> be known they are not isolated and are connected.
>>
>> Even if an exit node performs all logging it is only aware of the
>> node one hop up but the originator is higher still. In the case where
>> we perform a Tor cluster and make hundreds of guard, middle and exit
>> nodes we still cannot with absolute certainty say that the connecting
>> node is the originator and, the eventual Bitcoin node is still
>> unaware of the originator IP which is the primary objective.
>> Otherwise, can you hide your IP from your ISP would be a better goal?
>>
>> You may prefer to familiarise yourself first with the history of Tor,
>> even a brief from [WikipediaTor_(anonymity_network)
>> <https://en.wikipedia.org/wiki/Tor_(anonymity_network)>](https://en.wikipedia.org/wiki/Tor_(anonymity_network))
>> and consider some of the possible uses, and consider how its
>> implementation benefits the privacy and anonymity of Bitcoin in
>> public where it is allowed in many countries; Tor is just as useful
>> in countries where Bitcoin is allowed to hide from third-parties. You
>> may also enjoy an example of activating Bitcoin Cores Tor
>> implementation: [How can I setup Bitcoin to be anonymous with
>> Tor?](https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor/70070#70070)
>> <https://en.wikipedia.org/wiki/Tor_(anonymity_network)>
>> 	
>> Tor (anonymity network) - Wikipedia
>> <https://en.wikipedia.org/wiki/Tor_(anonymity_network)>
>> Tor is free and open-source software for enabling anonymous
>> communication.The name is derived from an acronym for the original
>> software project name "The Onion Router". Tor directs Internet
>> traffic through a free, worldwide, volunteer overlay network
>> consisting of more than seven thousand relays to conceal a user's
>> location and usage from anyone conducting network surveillance or
>> traffic analysis.
>> en.wikipedia.org
>>
>>
>> <https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor/70070#70070>
>> 	
>> bitcoind - How can I setup Bitcoin to be anonymous with Tor? -
>> Bitcoin Stack Exchange
>> <https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor/70070#70070>
>> Bitcoin is billed as many things, among them its anonymity is highly
>> regarded. While it is true that a transaction does not identify a
>> user or wallet, recent news shows that there is the potential ...
>> bitcoin.stackexchange.com
>>
>>
>>
>> There should be no rational consideration that gives rise to reducing
>> Tor connectivity, possibly v3 integration will be coming along.
>>
>> Regards,
>> LORD HIS EXCELLENCY JAMES HRMH
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Aymeric Vitte <vitteaymeric@gmail.com>
>> <mailto:vitteaymeric@gmail.com>
>> *Sent:* Saturday, 9 November 2019 6:40 AM
>> *To:* LORD HIS EXCELLENCY JAMES HRMH <willtech@live.com.au>
>> <mailto:willtech@live.com.au>; Bitcoin Protocol Discussion
>> <bitcoin-dev@lists.linuxfoundation.org>
>> <mailto:bitcoin-dev@lists.linuxfoundation.org>; Luke Dashjr
>> <luke@dashjr.org> <mailto:luke@dashjr.org>
>> *Cc:* security@bitcoincore.org <mailto:security@bitcoincore.org>
>> <security@bitcoincore.org> <mailto:security@bitcoincore.org>
>> *Subject:* Re: [bitcoin-dev] CVE-2017-18350 disclosure
>>  
>>
>> Sure, but what is questionable here is the use of SOCKS proxy, for
>> Tor I think as the main purpose, making it dangerous for the "whole
>> bitcoin world" while it's something like of zero interest/use (or
>> please let me know what it is beside Tor)
>>
>> The Tor network is very centralized and not designed at all to handle
>> p2p networks (which bitcoin is still not), it is designed to be used
>> via the Tor Browser to browse the web and to hide web servers, not
>> bitcoin nodes, and there are a lot of misbehaving/dangerous nodes
>> there, there is no encryption in bitcoin protocol, an exit node can
>> fake whatever it likes, this seems to be a use case as far as I can
>> see, but even if the initiator is configured to connect to a hidden
>> bitcoin node, I don't see the point
>>
>> I have advertised recentlty the open sourcing of node-Tor
>> (https://github.com/Ayms/node-Tor) here
>>
>> This one is designed for p2p, not over the Tor network but using the
>> Tor protocol, as simple as bitcoin.pipe(node-Tor), or <any
>> protocol>.pipe(node-Tor), which is the finality of the project as far
>> as I see it since years (maybe see
>> http://www.peersm.com/Convergence.pdf
>> <http://www.peersm.com/Convergence.pdf> even if I would modify some
>> parts now)
>>
>> Inside servers or browsers acting as servers also (WebRTC or
>> WebSockets), bitcoin peers (servers/browsers) relaying the bitcoin
>> anonymized protocol using the Tor protocol (and not the Tor network)
>> between each others, there is no story of exit nodes here and rdv
>> points would not apply for bitcoin use, this "just" adds the internal
>> missing encryption and anonymity layer to the bitcoin protocol
>>
>> Personally I would remove the socks proxy interface from bitcoin
>> core, independently of Tor this can be misused too and offers
>> absolutely zero security
>>
>>
>> Le 08/11/2019 à 18:03, LORD HIS EXCELLENCY JAMES HRMH via bitcoin-dev
>> a écrit :
>>> It goes without saying in that all privately known CVE should be
>>> handled so professionally but, that is, well done team.
>>>
>>> Regards,
>>> LORD HIS EXCELLENCY JAMES HRMH
>>>
>>>
>>> ------------------------------------------------------------------------
>>> *From:* bitcoin-dev-bounces@lists.linuxfoundation.org
>>> <mailto:bitcoin-dev-bounces@lists.linuxfoundation.org>
>>> <bitcoin-dev-bounces@lists.linuxfoundation.org>
>>> <mailto:bitcoin-dev-bounces@lists.linuxfoundation.org> on behalf of
>>> Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
>>> <mailto:bitcoin-dev@lists.linuxfoundation.org>
>>> *Sent:* Saturday, 9 November 2019 2:07 AM
>>> *To:* bitcoin-dev@lists.linuxfoundation.org
>>> <mailto:bitcoin-dev@lists.linuxfoundation.org>
>>> <bitcoin-dev@lists.linuxfoundation.org>
>>> <mailto:bitcoin-dev@lists.linuxfoundation.org>
>>> *Cc:* security@bitcoincore.org <mailto:security@bitcoincore.org>
>>> <security@bitcoincore.org> <mailto:security@bitcoincore.org>
>>> *Subject:* [bitcoin-dev] CVE-2017-18350 disclosure
>>>  
>>> CVE-2017-18350 is a buffer overflow vulnerability which allows a
>>> malicious
>>> SOCKS proxy server to overwrite the program stack on systems with a
>>> signed
>>> `char` type (including common 32-bit and 64-bit x86 PCs).
>>>
>>> The vulnerability was introduced in
>>> 60a87bce873ce1f76a80b7b8546e83a0cd4e07a5
>>> (SOCKS5 support) and first released in Bitcoin Core v0.7.0rc1 in
>>> 2012 Aug 27.
>>> A fix was hidden in d90a00eabed0f3f1acea4834ad489484d0012372
>>> ("Improve and
>>> document SOCKS code") released in v0.15.1, 2017 Nov 6.
>>>
>>> To be vulnerable, the node must be configured to use such a
>>> malicious proxy in
>>> the first place. Note that using *any* proxy over an insecure
>>> network (such
>>> as the Internet) is potentially a vulnerability since the connection
>>> could be
>>> intercepted for such a purpose.
>>>
>>> Upon a connection request from the node, the malicious proxy would
>>> respond
>>> with an acknowledgement of a different target domain name than the one
>>> requested. Normally this acknowledgement is entirely ignored, but if
>>> the
>>> length uses the high bit (ie, a length 128-255 inclusive), it will be
>>> interpreted by vulnerable versions as a negative number instead.
>>> When the
>>> negative number is passed to the recv() system call to read the
>>> domain name,
>>> it is converted back to an unsigned/positive number, but at a much
>>> wider size
>>> (typically 32-bit), resulting in an effectively infinite read into
>>> and beyond
>>> the 256-byte dummy stack buffer.
>>>
>>> To fix this vulnerability, the dummy buffer was changed to an
>>> explicitly
>>> unsigned data type, avoiding the conversion to/from a negative number.
>>>
>>> Credit goes to practicalswift (https://twitter.com/practicalswift) for
>>> discovering and providing the initial fix for the vulnerability, and
>>> Wladimir
>>> J. van der Laan for a disguised version of the fix as well as
>>> general cleanup
>>> to the at-risk code.
>>>
>>> Timeline:
>>> - 2012-04-01: Vulnerability introduced in PR #1141.
>>> - 2012-05-08: Vulnerability merged to master git repository.
>>> - 2012-08-27: Vulnerability published in v0.7.0rc1.
>>> - 2012-09-17: Vulnerability released in v0.7.0.
>>> ...
>>> - 2017-09-21: practicalswift discloses vulnerability to security team.
>>> - 2017-09-23: Wladimir opens PR #11397 to quietly fix vulernability.
>>> - 2017-09-27: Fix merged to master git repository.
>>> - 2017-10-18: Fix merged to 0.15 git repository.
>>> - 2017-11-04: Fix published in v0.15.1rc1.
>>> - 2017-11-09: Fix released in v0.15.1.
>>> ...
>>> - 2019-06-22: Vulnerability existence disclosed to bitcoin-dev ML.
>>> - 2019-11-08: Vulnerability details disclosure to bitcoin-dev ML.
>>> _______________________________________________
>>> bitcoin-dev mailing list
>>> bitcoin-dev@lists.linuxfoundation.org
>>> <mailto:bitcoin-dev@lists.linuxfoundation.org>
>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>>
>>> _______________________________________________
>>> bitcoin-dev mailing list
>>> bitcoin-dev@lists.linuxfoundation.org <mailto:bitcoin-dev@lists.linuxfoundation.org>
>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
-- 
Move your coins by yourself (browser version): https://peersm.com/wallet
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms


--------------D4B42D5443B463A21A42AA27
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Do not find excuses (and vague statements or technical bulls) and
      learn, you don't know what you are talking about and don't get the
      global picture, we don't care about the Tor network and they don't
      care about others neither do they care that they increase their
      network, so indeed let's stop this discussion</p>
    <p><br>
    </p>
    <p>Just replying here (for the last time) because expecting more
      clever thoughts about what I wrote, maybe one day... but for sure
      something like this will happen in the future<br>
    </p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">Le 09/11/2019 à 21:21, LORD HIS
      EXCELLENCY JAMES HRMH a écrit :<br>
    </div>
    <blockquote type="cite"
cite="mid:PS2P216MB0179B7D2ADEA7CB544F7F90C9D7A0@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        We do not need to discuss this back and forward publickly. I am
        not concerned whether Tors seems or is much centralised or not,
        it is not the concern of m statements, and it required directory
        nodes of which there are several and we could discuss the
        operation of its nodes and infrastructure all day, even
        comparing directory nodes to seed nodes. The fact is that
        browsing is the most common publicly understood usage of Tor but
        like with and without Tor the internet provides many services.</div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        It seems you have misunderstood the reason I reference making so
        many Tor nodes also but do not concern I will no reiterate.
        Also, whether Tor can provide for the bandwidth and connectivity
        required for Bitcoin you have not tested and provide only your
        opinion, where it seems that actually it can. The matter is that
        Tor carries Bitcoin traffic quite easily now and in fact as
        there is more Bitcoin traffic likely the Tor capacity increases
        in some proportion.<br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Also, socks proxy is not a door in, it is a door out, do you
        realise but just works at a different network layer to HTTP
        proxy which works at layer 7 of the OSI model and Socks a bit
        lower?</div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        I have had some communication difficulty before where the native
        language is not English and although the communication happens
        in native English the though is still being formed in another
        language and so the presentation of the thought is not clear to
        the English presentation. Even if not this I do not consider
        wrong just that we write to consider not the same thing.</div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Good day.<br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div id="Signature">
        <div style="font-family:Calibri,Helvetica,sans-serif;
          font-size:12pt; color:rgb(0,0,0)">
          Regards,</div>
        <div style="font-family:Calibri,Helvetica,sans-serif;
          font-size:12pt; color:rgb(0,0,0)">
          LORD HIS EXCELLENCY JAMES HRMH</div>
        <div style="font-family:Calibri,Helvetica,sans-serif;
          font-size:12pt; color:rgb(0,0,0)">
          <div><br>
          </div>
        </div>
        <div>
          <div style="font-family:Calibri,Helvetica,sans-serif;
            font-size:12pt; color:rgb(0,0,0)">
            <br>
          </div>
          <hr tabindex="-1" style="display:inline-block; width:98%">
          <div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
              face="Calibri, sans-serif" color="#000000"><b>From:</b>
              Aymeric Vitte <a class="moz-txt-link-rfc2396E" href="mailto:vitteaymeric@gmail.com">&lt;vitteaymeric@gmail.com&gt;</a><br>
              <b>Sent:</b> Sunday, 10 November 2019 6:33 AM<br>
              <b>To:</b> LORD HIS EXCELLENCY JAMES HRMH
              <a class="moz-txt-link-rfc2396E" href="mailto:willtech@live.com.au">&lt;willtech@live.com.au&gt;</a>; Bitcoin Protocol Discussion
              <a class="moz-txt-link-rfc2396E" href="mailto:bitcoin-dev@lists.linuxfoundation.org">&lt;bitcoin-dev@lists.linuxfoundation.org&gt;</a>; Luke Dashjr
              <a class="moz-txt-link-rfc2396E" href="mailto:luke@dashjr.org">&lt;luke@dashjr.org&gt;</a><br>
              <b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:security@bitcoincore.org">security@bitcoincore.org</a>
              <a class="moz-txt-link-rfc2396E" href="mailto:security@bitcoincore.org">&lt;security@bitcoincore.org&gt;</a><br>
              <b>Subject:</b> Re: [bitcoin-dev] CVE-2017-18350
              disclosure</font>
            <div> </div>
          </div>
          <div style="background-color:#FFFFFF">
            <p style="margin-top: 0px; margin-bottom: 0px;">???<br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;">Well, you
              obviously don't know what you are talking about and did
              not even consider reading correctly what I wrote, neither
              to read node-Tor<br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;">What you are
              saying here is quite trivial, typical of people thinking
              that the Tor network will solve everything and is not
              centralized (but you seem unsure about it), that's not the
              case, it's completely wrong and the "normal" use of the
              Tor network is for browsing only, basically the Tor
              network is still the same since years: 1000 guards, 1000
              relays, 1000 exits (so not "hundreds", happier, and there
              are of course intersections between them, knowing that
              they are the supposed working nodes as tested by
              node-Tor), quite small at the end with finally many
              misbehaving nodes among the 3000 set, not at all able or
              willing to handle bitcoin nodes load</p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;">Using
              bitcoin with the Tor network is absurd, using socks proxy
              with bitcoin is absurd too (I don't get the comparison
              with a http proxy, nothing to do),  except if limited to a
              local use, ie you socks proxy inside your device, for
              example to pipe to node-Tor, but this remains as a whole
              dangerous if the local proxy has been hacked, as we could
              see recently with malware Tor sw being used by people<br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;">Using the
              Tor protocol for bitcoin is not absurd at all (do you
              understand the difference?) + browsers, webRTC, etc I will
              not repeat what I wrote<br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;">Please do
              some readings or consider at least what I sent, or ask
              questions if what I am saying is unclear for you<br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;">But from my
              standpoint the discussion on this list is not about
              explaining all of this that is probably well known by
              everybody but what can/could be next to anonymize/help
              anonymizing bitcoin<br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;"> when
              required and make it a real p2p network</p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;">Unfortunately
              I am afraid that we get moderated here because that's not
              the place to give basic lessons about Tor that you don't
              know<br>
            </p>
            <p style="margin-top: 0px; margin-bottom: 0px;"><br>
            </p>
            <div class="x_moz-cite-prefix">Le 09/11/2019 à 12:42, LORD
              HIS EXCELLENCY JAMES HRMH a écrit :<br>
            </div>
            <blockquote type="cite">
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                Socks proxies have their use in controlled gateway
                infrastructure and is a relevant feature for any
                software required to operate behind a secure network
                boundary and allows for UDP connectivity (whether it is
                utilised in any particular application) which a HTTP
                proxy does not.<br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                <br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                You are obviously not well abreast of the Tor project,
                regardless of whether it seems centralised, whether it
                is or it isn't, the Tor project is to allow anonymity
                and connection privacy. For this it works very well and
                there seem to be hundreds of known Tor nodes, to be
                known they are not isolated and are connected. <br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                <br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                Even if an exit node performs all logging it is only
                aware of the node one hop up but the originator is
                higher still. In the case where we perform a Tor cluster
                and make hundreds of guard, middle and exit nodes we
                still cannot with absolute certainty say that the
                connecting node is the originator and, the eventual
                Bitcoin node is still unaware of the originator IP which
                is the primary objective. Otherwise, can you hide your
                IP from your ISP would be a better goal?<br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                <br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                You may prefer to familiarise yourself first with the
                history of Tor, even a brief from [Wikipedia<a
                  href="https://en.wikipedia.org/wiki/Tor_(anonymity_network)"
                  id="LPlnk148779" moz-do-not-send="true">Tor_(anonymity_network)</a>](<a
href="https://en.wikipedia.org/wiki/Tor_(anonymity_network)"
                  id="LPlnk554810" moz-do-not-send="true">https://en.wikipedia.org/wiki/Tor_(anonymity_network)</a>)
                and consider some of the possible uses, and consider how
                its implementation benefits the privacy and anonymity of
                Bitcoin in public where it is allowed in many countries;
                Tor is just as useful in countries where Bitcoin is
                allowed to hide from third-parties. You may also enjoy
                an example of activating Bitcoin Cores Tor
                implementation: [How can I setup Bitcoin to be anonymous
                with Tor?](<a
href="https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor/70070#70070"
                  id="LPlnk581878" moz-do-not-send="true">https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor/70070#70070</a>)<br>
              </div>
              <div
id="LPBorder_GTaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvVG9yXyhhbm9ueW1pdHlfbmV0d29yayk."
                class="x_LPBorder504072" style="width: 100%; margin-top:
                16px; margin-bottom: 16px; max-width: 800px; min-width:
                424px; position: relative;">
                <table id="LPContainer504072" role="presentation"
                  style="padding:12px 36px 12px 12px; width:100%;
                  border-width:1px; border-style:solid;
                  border-color:rgb(200,200,200); border-radius:2px">
                  <tbody>
                    <tr style="border-spacing:0px" valign="top">
                      <td>
                        <div id="LPImageContainer504072"
                          style="margin-right: 12px; height: 145px;
                          overflow: hidden; width: 240px; position:
                          relative;">
                          <a target="_blank" id="LPImageAnchor504072"
                            href="https://en.wikipedia.org/wiki/Tor_(anonymity_network)"
                            moz-do-not-send="true"><img
                              id="LPThumbnailImageId504072" alt=""
                              style="display:block"
src="https://upload.wikimedia.org/wikipedia/commons/thumb/1/15/Tor-logo-2011-flat.svg/1200px-Tor-logo-2011-flat.svg.png"
                              moz-do-not-send="true" width="240"
                              height="145"></a></div>
                      </td>
                      <td style="width:100%">
                        <div id="LPTitle504072" style=""><a
                            target="_blank" id="LPUrlAnchor504072"
                            href="https://en.wikipedia.org/wiki/Tor_(anonymity_network)"
                            style="text-decoration:none"
                            moz-do-not-send="true">Tor (anonymity
                            network) - Wikipedia</a></div>
                        <div id="LPDescription504072"
                          style="font-size:14px; max-height:100px;
                          color:rgb(102,102,102);
                          font-family:&quot;wf_segoe-ui_normal&quot;,&quot;Segoe
                          UI&quot;,&quot;Segoe
                          WP&quot;,Tahoma,Arial,sans-serif;
                          margin-bottom:12px; margin-right:8px;
                          overflow:hidden">
                          Tor is free and open-source software for
                          enabling anonymous communication.The name is
                          derived from an acronym for the original
                          software project name "The Onion Router". Tor
                          directs Internet traffic through a free,
                          worldwide, volunteer overlay network
                          consisting of more than seven thousand relays
                          to conceal a user's location and usage from
                          anyone conducting network surveillance or
                          traffic analysis.</div>
                        <div id="LPMetadata504072"
                          style="font-size:14px; font-weight:400;
                          color:rgb(166,166,166);
                          font-family:&quot;wf_segoe-ui_normal&quot;,&quot;Segoe
                          UI&quot;,&quot;Segoe
                          WP&quot;,Tahoma,Arial,sans-serif">
                          en.wikipedia.org</div>
                      </td>
                    </tr>
                  </tbody>
                </table>
              </div>
              <br>
              <div
id="LPBorder_GTaHR0cHM6Ly9iaXRjb2luLnN0YWNrZXhjaGFuZ2UuY29tL3F1ZXN0aW9ucy83MDA2OS9ob3ctY2FuLWktc2V0dXAtYml0Y29pbi10by1iZS1hbm9ueW1vdXMtd2l0aC10b3IvNzAwNzAjNzAwNzA."
                class="x_LPBorder646570" style="width: 100%; margin-top:
                16px; margin-bottom: 16px; max-width: 800px; min-width:
                424px; position: relative;">
                <table id="LPContainer646570" role="presentation"
                  style="padding:12px 36px 12px 12px; width:100%;
                  border-width:1px; border-style:solid;
                  border-color:rgb(200,200,200); border-radius:2px">
                  <tbody>
                    <tr style="border-spacing:0px" valign="top">
                      <td>
                        <div id="LPImageContainer646570"
                          style="margin-right: 12px; height: 160px;
                          overflow: hidden; position: relative;">
                          <a target="_blank" id="LPImageAnchor646570"
href="https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor/70070#70070"
                            moz-do-not-send="true"><img
                              id="LPThumbnailImageId646570" alt=""
                              style="display:block"
src="https://cdn.sstatic.net/Sites/bitcoin/img/apple-touch-icon@2.png?v=462e8b9b382b"
                              moz-do-not-send="true" width="160"
                              height="160"></a></div>
                      </td>
                      <td style="width:100%">
                        <div id="LPTitle646570" style=""><a
                            target="_blank" id="LPUrlAnchor646570"
href="https://bitcoin.stackexchange.com/questions/70069/how-can-i-setup-bitcoin-to-be-anonymous-with-tor/70070#70070"
                            style="text-decoration:none"
                            moz-do-not-send="true">bitcoind - How can I
                            setup Bitcoin to be anonymous with Tor? -
                            Bitcoin Stack Exchange</a></div>
                        <div id="LPDescription646570"
                          style="font-size:14px; max-height:100px;
                          color:rgb(102,102,102);
                          font-family:&quot;wf_segoe-ui_normal&quot;,&quot;Segoe
                          UI&quot;,&quot;Segoe
                          WP&quot;,Tahoma,Arial,sans-serif;
                          margin-bottom:12px; margin-right:8px;
                          overflow:hidden">
                          Bitcoin is billed as many things, among them
                          its anonymity is highly regarded. While it is
                          true that a transaction does not identify a
                          user or wallet, recent news shows that there
                          is the potential ...</div>
                        <div id="LPMetadata646570"
                          style="font-size:14px; font-weight:400;
                          color:rgb(166,166,166);
                          font-family:&quot;wf_segoe-ui_normal&quot;,&quot;Segoe
                          UI&quot;,&quot;Segoe
                          WP&quot;,Tahoma,Arial,sans-serif">
                          bitcoin.stackexchange.com</div>
                      </td>
                    </tr>
                  </tbody>
                </table>
              </div>
              <br>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                <br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                There should be no rational consideration that gives
                rise to reducing Tor connectivity, possibly v3
                integration will be coming along.<br>
              </div>
              <div style="font-family:Calibri,Helvetica,sans-serif;
                font-size:12pt; color:rgb(0,0,0)">
                <br>
              </div>
              <div id="x_Signature">
                <div style="font-family:Calibri,Helvetica,sans-serif;
                  font-size:12pt; color:rgb(0,0,0)">
                  Rega<span
                    style="font-family:Calibri,Helvetica,sans-serif">rds,</span></div>
                <span style="font-family:Calibri,Helvetica,sans-serif">LORD
                  HIS EXCELLENCY JAMES HRMH</span><br>
                <div><br>
                </div>
                <div>
                  <div style="font-family:Calibri,Helvetica,sans-serif;
                    font-size:12pt; color:rgb(0,0,0)">
                    <br>
                  </div>
                  <hr tabindex="-1" style="display:inline-block;
                    width:98%">
                  <div id="x_divRplyFwdMsg" dir="ltr"><font
                      style="font-size:11pt" face="Calibri, sans-serif"
                      color="#000000"><b>From:</b> Aymeric Vitte
                      <a class="x_moz-txt-link-rfc2396E"
                        href="mailto:vitteaymeric@gmail.com"
                        moz-do-not-send="true">&lt;vitteaymeric@gmail.com&gt;</a><br>
                      <b>Sent:</b> Saturday, 9 November 2019 6:40 AM<br>
                      <b>To:</b> LORD HIS EXCELLENCY JAMES HRMH <a
                        class="x_moz-txt-link-rfc2396E"
                        href="mailto:willtech@live.com.au"
                        moz-do-not-send="true">
                        &lt;willtech@live.com.au&gt;</a>; Bitcoin
                      Protocol Discussion <a
                        class="x_moz-txt-link-rfc2396E"
                        href="mailto:bitcoin-dev@lists.linuxfoundation.org"
                        moz-do-not-send="true">
                        &lt;bitcoin-dev@lists.linuxfoundation.org&gt;</a>;
                      Luke Dashjr <a class="x_moz-txt-link-rfc2396E"
                        href="mailto:luke@dashjr.org"
                        moz-do-not-send="true">
                        &lt;luke@dashjr.org&gt;</a><br>
                      <b>Cc:</b> <a class="x_moz-txt-link-abbreviated"
                        href="mailto:security@bitcoincore.org"
                        moz-do-not-send="true">
                        security@bitcoincore.org</a> <a
                        class="x_moz-txt-link-rfc2396E"
                        href="mailto:security@bitcoincore.org"
                        moz-do-not-send="true">
                        &lt;security@bitcoincore.org&gt;</a><br>
                      <b>Subject:</b> Re: [bitcoin-dev] CVE-2017-18350
                      disclosure</font>
                    <div> </div>
                  </div>
                  <div style="background-color:#FFFFFF">
                    <p style="margin-top: 0px; margin-bottom:
                      0px;margin-top:0px; margin-bottom:0px">
                      Sure, but what is questionable here is the use of
                      SOCKS proxy, for Tor I think as the main purpose,
                      making it dangerous for the "whole bitcoin world"
                      while it's something like of zero interest/use (or
                      please let me know what it is beside Tor)<br>
                      <br>
                      The Tor network is very centralized and not
                      designed at all to handle p2p networks (which
                      bitcoin is still not), it is designed to be used
                      via the Tor Browser to browse the web and to hide
                      web servers, not bitcoin nodes, and there are a
                      lot of misbehaving/dangerous nodes there, there is
                      no encryption in bitcoin protocol, an exit node
                      can fake whatever it likes, this seems to be a use
                      case as far as I can see, but even if the
                      initiator is configured to connect to a hidden
                      bitcoin node, I don't see the point<br>
                      <br>
                      I have advertised recentlty the open sourcing of
                      node-Tor (<a class="x_x_moz-txt-link-freetext"
                        href="https://github.com/Ayms/node-Tor"
                        moz-do-not-send="true">https://github.com/Ayms/node-Tor</a>)
                      here<br>
                      <br>
                      This one is designed for p2p, not over the Tor
                      network but using the Tor protocol, as simple as
                      bitcoin.pipe(node-Tor), or &lt;any
                      protocol&gt;.pipe(node-Tor), which is the finality
                      of the project as far as I see it since years
                      (maybe see
                      <a class="x_x_moz-txt-link-freetext"
                        href="http://www.peersm.com/Convergence.pdf"
                        moz-do-not-send="true">
                        http://www.peersm.com/Convergence.pdf</a> even
                      if I would modify some parts now)<br>
                      <br>
                      Inside servers or browsers acting as servers also
                      (WebRTC or WebSockets), bitcoin peers
                      (servers/browsers) relaying the bitcoin anonymized
                      protocol using the Tor protocol (and not the Tor
                      network) between each others, there is no story of
                      exit nodes here and rdv points would not apply for
                      bitcoin use, this "just" adds the internal missing
                      encryption and anonymity layer to the bitcoin
                      protocol<br>
                      <br>
                      Personally I would remove the socks proxy
                      interface from bitcoin core, independently of Tor
                      this can be misused too and offers absolutely zero
                      security<br>
                    </p>
                    <p style="margin-top: 0px; margin-bottom:
                      0px;margin-top:0px; margin-bottom:0px">
                      <br>
                    </p>
                    <div class="x_x_moz-cite-prefix">Le 08/11/2019 à
                      18:03, LORD HIS EXCELLENCY JAMES HRMH via
                      bitcoin-dev a écrit :<br>
                    </div>
                    <blockquote type="cite">
                      <div
                        style="font-family:Calibri,Helvetica,sans-serif;
                        font-size:12pt; color:rgb(0,0,0)">
                        It goes without saying in that all privately
                        known CVE should be handled so professionally
                        but, that is, well done team.<br>
                      </div>
                      <div
                        style="font-family:Calibri,Helvetica,sans-serif;
                        font-size:12pt; color:rgb(0,0,0)">
                        <br>
                      </div>
                      <div id="x_x_Signature">
                        <div
                          style="font-family:Calibri,Helvetica,sans-serif;
                          font-size:12pt; color:rgb(0,0,0)">
                          Regards,</div>
                        <div
                          style="font-family:Calibri,Helvetica,sans-serif;
                          font-size:12pt; color:rgb(0,0,0)">
                          LORD HIS EXCELLENCY JAMES HRMH<br>
                        </div>
                        <br>
                        <br>
                        <div>
                          <hr tabindex="-1" style="display:inline-block;
                            width:98%">
                          <div id="x_x_divRplyFwdMsg" dir="ltr"><font
                              style="font-size:11pt" face="Calibri,
                              sans-serif" color="#000000"><b>From:</b>
                              <a class="x_x_moz-txt-link-abbreviated"
                                href="mailto:bitcoin-dev-bounces@lists.linuxfoundation.org"
                                moz-do-not-send="true">
bitcoin-dev-bounces@lists.linuxfoundation.org</a> <a
                                class="x_x_moz-txt-link-rfc2396E"
                                href="mailto:bitcoin-dev-bounces@lists.linuxfoundation.org"
                                moz-do-not-send="true">
&lt;bitcoin-dev-bounces@lists.linuxfoundation.org&gt;</a> on behalf of
                              Luke Dashjr via bitcoin-dev
                              <a class="x_x_moz-txt-link-rfc2396E"
                                href="mailto:bitcoin-dev@lists.linuxfoundation.org"
                                moz-do-not-send="true">
&lt;bitcoin-dev@lists.linuxfoundation.org&gt;</a><br>
                              <b>Sent:</b> Saturday, 9 November 2019
                              2:07 AM<br>
                              <b>To:</b> <a
                                class="x_x_moz-txt-link-abbreviated"
                                href="mailto:bitcoin-dev@lists.linuxfoundation.org"
                                moz-do-not-send="true">
                                bitcoin-dev@lists.linuxfoundation.org</a>
                              <a class="x_x_moz-txt-link-rfc2396E"
                                href="mailto:bitcoin-dev@lists.linuxfoundation.org"
                                moz-do-not-send="true">
&lt;bitcoin-dev@lists.linuxfoundation.org&gt;</a><br>
                              <b>Cc:</b> <a
                                class="x_x_moz-txt-link-abbreviated"
                                href="mailto:security@bitcoincore.org"
                                moz-do-not-send="true">
                                security@bitcoincore.org</a> <a
                                class="x_x_moz-txt-link-rfc2396E"
                                href="mailto:security@bitcoincore.org"
                                moz-do-not-send="true">
                                &lt;security@bitcoincore.org&gt;</a><br>
                              <b>Subject:</b> [bitcoin-dev]
                              CVE-2017-18350 disclosure</font>
                            <div> </div>
                          </div>
                          <div class="x_x_BodyFragment"><font size="2"><span
                                style="font-size:11pt">
                                <div class="x_x_PlainText">CVE-2017-18350
                                  is a buffer overflow vulnerability
                                  which allows a malicious
                                  <br>
                                  SOCKS proxy server to overwrite the
                                  program stack on systems with a signed
                                  <br>
                                  `char` type (including common 32-bit
                                  and 64-bit x86 PCs).<br>
                                  <br>
                                  The vulnerability was introduced in
                                  60a87bce873ce1f76a80b7b8546e83a0cd4e07a5
                                  <br>
                                  (SOCKS5 support) and first released in
                                  Bitcoin Core v0.7.0rc1 in 2012 Aug 27.<br>
                                  A fix was hidden in
                                  d90a00eabed0f3f1acea4834ad489484d0012372
                                  ("Improve and <br>
                                  document SOCKS code") released in
                                  v0.15.1, 2017 Nov 6.<br>
                                  <br>
                                  To be vulnerable, the node must be
                                  configured to use such a malicious
                                  proxy in <br>
                                  the first place. Note that using *any*
                                  proxy over an insecure network (such <br>
                                  as the Internet) is potentially a
                                  vulnerability since the connection
                                  could be <br>
                                  intercepted for such a purpose.<br>
                                  <br>
                                  Upon a connection request from the
                                  node, the malicious proxy would
                                  respond <br>
                                  with an acknowledgement of a different
                                  target domain name than the one<br>
                                  requested. Normally this
                                  acknowledgement is entirely ignored,
                                  but if the <br>
                                  length uses the high bit (ie, a length
                                  128-255 inclusive), it will be <br>
                                  interpreted by vulnerable versions as
                                  a negative number instead. When the <br>
                                  negative number is passed to the
                                  recv() system call to read the domain
                                  name, <br>
                                  it is converted back to an
                                  unsigned/positive number, but at a
                                  much wider size <br>
                                  (typically 32-bit), resulting in an
                                  effectively infinite read into and
                                  beyond <br>
                                  the 256-byte dummy stack buffer.<br>
                                  <br>
                                  To fix this vulnerability, the dummy
                                  buffer was changed to an explicitly <br>
                                  unsigned data type, avoiding the
                                  conversion to/from a negative number.<br>
                                  <br>
                                  Credit goes to practicalswift (<a
                                    href="https://twitter.com/practicalswift"
                                    moz-do-not-send="true">https://twitter.com/practicalswift</a>)
                                  for
                                  <br>
                                  discovering and providing the initial
                                  fix for the vulnerability, and
                                  Wladimir <br>
                                  J. van der Laan for a disguised
                                  version of the fix as well as general
                                  cleanup <br>
                                  to the at-risk code.<br>
                                  <br>
                                  Timeline:<br>
                                  - 2012-04-01: Vulnerability introduced
                                  in PR #1141.<br>
                                  - 2012-05-08: Vulnerability merged to
                                  master git repository.<br>
                                  - 2012-08-27: Vulnerability published
                                  in v0.7.0rc1.<br>
                                  - 2012-09-17: Vulnerability released
                                  in v0.7.0.<br>
                                  ...<br>
                                  - 2017-09-21: practicalswift discloses
                                  vulnerability to security team.<br>
                                  - 2017-09-23: Wladimir opens PR #11397
                                  to quietly fix vulernability.<br>
                                  - 2017-09-27: Fix merged to master git
                                  repository.<br>
                                  - 2017-10-18: Fix merged to 0.15 git
                                  repository.<br>
                                  - 2017-11-04: Fix published in
                                  v0.15.1rc1.<br>
                                  - 2017-11-09: Fix released in v0.15.1.<br>
                                  ...<br>
                                  - 2019-06-22: Vulnerability existence
                                  disclosed to bitcoin-dev ML.<br>
                                  - 2019-11-08: Vulnerability details
                                  disclosure to bitcoin-dev ML.<br>
_______________________________________________<br>
                                  bitcoin-dev mailing list<br>
                                  <a
                                    class="x_x_moz-txt-link-abbreviated"
href="mailto:bitcoin-dev@lists.linuxfoundation.org"
                                    moz-do-not-send="true">bitcoin-dev@lists.linuxfoundation.org</a><br>
                                  <a
                                    href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev"
                                    moz-do-not-send="true">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev</a><br>
                                </div>
                              </span></font></div>
                        </div>
                      </div>
                      <br>
                      <fieldset class="x_x_mimeAttachmentHeader"></fieldset>
                      <pre class="x_x_moz-quote-pre">_______________________________________________
bitcoin-dev mailing list
<a class="x_x_moz-txt-link-abbreviated" href="mailto:bitcoin-dev@lists.linuxfoundation.org" moz-do-not-send="true">bitcoin-dev@lists.linuxfoundation.org</a>
<a class="x_x_moz-txt-link-freetext" href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" moz-do-not-send="true">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev</a>
</pre>
                    </blockquote>
                  </div>
                </div>
              </div>
            </blockquote>
            <br>
          </div>
        </div>
      </div>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Move your coins by yourself (browser version): <a class="moz-txt-link-freetext" href="https://peersm.com/wallet">https://peersm.com/wallet</a>
Bitcoin transactions made simple: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/bitcoin-transactions">https://github.com/Ayms/bitcoin-transactions</a>
Zcash wallets made simple: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/zcash-wallets">https://github.com/Ayms/zcash-wallets</a>
Bitcoin wallets made simple: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/bitcoin-wallets">https://github.com/Ayms/bitcoin-wallets</a>
Get the torrent dynamic blocklist: <a class="moz-txt-link-freetext" href="http://peersm.com/getblocklist">http://peersm.com/getblocklist</a>
Check the 10 M passwords list: <a class="moz-txt-link-freetext" href="http://peersm.com/findmyass">http://peersm.com/findmyass</a>
Anti-spies and private torrents, dynamic blocklist: <a class="moz-txt-link-freetext" href="http://torrent-live.org">http://torrent-live.org</a>
Peersm : <a class="moz-txt-link-freetext" href="http://www.peersm.com">http://www.peersm.com</a>
torrent-live: <a class="moz-txt-link-freetext" href="https://github.com/Ayms/torrent-live">https://github.com/Ayms/torrent-live</a>
node-Tor : <a class="moz-txt-link-freetext" href="https://www.github.com/Ayms/node-Tor">https://www.github.com/Ayms/node-Tor</a>
GitHub : <a class="moz-txt-link-freetext" href="https://www.github.com/Ayms">https://www.github.com/Ayms</a></pre>
  </body>
</html>

--------------D4B42D5443B463A21A42AA27--