1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
Return-Path: <eric@voskuil.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id C4C2826C
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 30 Jun 2016 12:27:35 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f47.google.com (mail-wm0-f47.google.com [74.125.82.47])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2D60E131
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 30 Jun 2016 12:27:34 +0000 (UTC)
Received: by mail-wm0-f47.google.com with SMTP id v199so219184868wmv.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 30 Jun 2016 05:27:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=voskuil-org.20150623.gappssmtp.com; s=20150623;
h=mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=XHY/4PxN4Y+i8cc1xvX1bJa1ZvKLVwyXM5zq2QImcno=;
b=j5URA3avVERCQpjPsSLpu/8qU3jZeGm3Axg5CnxlUgSbCx1heDDmcFpUztWXF8xa5x
19zVIMAmvSwABcZqqsWrP4i3OkWI79QB6r++mL20wa3aIYLxV75FbNELOsXMs00ITxRu
ELTkp8rXHd8QbxNa6lsHxl5JGW5JHHPQyRK7Ra01WDntv+AdZxL1Vm14dZFb61uiG0Mq
D8fImWLiZHE4/CZcm4TiXh28b/V3evTpW7B9/K+LddlxHJVntP8Jlzf7jByUYrBPm5t4
hMahxfrO71gfMmH6P6phz9IGw0n7ylNsVwS5KPLRlB0Z+Hf1gS5z0UIT5W9GnQxZRhSs
8L1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=XHY/4PxN4Y+i8cc1xvX1bJa1ZvKLVwyXM5zq2QImcno=;
b=YLCucY43QXnhvDz3e1W5wDv58b1NlzVU3p2+L64/nU+cFmAK4m3beHILuy4+NH/j4Y
qTdJEwtHt+ZXhJHCPeC7jHcvEki3e96SlT2MFHBZue3nFTg7w3pB8VNQtBwE7G1Rel77
lGFtJk3pQlMkNeSd8KS50OOOzac6C8m5Jdtj00qm+CdhdeJw05Ohqk8bS8Qo9oCjP8hQ
8w2zZD3639azRRosFxdE3wR8eOvDQ02AGCyr0n5LUB+pZuVmFAM3x2BbORXFi0FAUNj0
QDM+rt5VNNz1+7AJlvbBoPrb8Xfp9fQqdc9yAZslMJD0sJfJLcbPlfM5GAXjpresHPlk
/zaw==
X-Gm-Message-State: ALyK8tJwnrmrm7VlOejI5aXMPIi09DUZnD2sIxiT2EMwJFYWddllMsNb9uE/aYI7O1TAXw==
X-Received: by 10.194.86.38 with SMTP id m6mr15111598wjz.154.1467289652577;
Thu, 30 Jun 2016 05:27:32 -0700 (PDT)
Received: from [197.161.188.41] ([197.161.188.41])
by smtp.gmail.com with ESMTPSA id e5sm3318539wjj.10.2016.06.30.05.27.31
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Thu, 30 Jun 2016 05:27:31 -0700 (PDT)
Content-Type: text/plain;
charset=utf-8
Mime-Version: 1.0 (1.0)
From: Eric Voskuil <eric@voskuil.org>
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <57750EAB.3020105@jonasschnelli.ch>
Date: Thu, 30 Jun 2016 14:27:30 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <426C2AA3-BFB8-4C41-B4DF-4D6CC11988B2@voskuil.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
<1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
<577234A4.3030808@jonasschnelli.ch>
<360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
<20160629111728.GO13338@dosf1.alfie.wtf>
<2981A919-4550-4807-8ED9-F8C51B2DC061@voskuil.org>
<57750EAB.3020105@jonasschnelli.ch>
To: Jonas Schnelli <dev@jonasschnelli.ch>
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, MIME_QP_LONG_LINE,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 12:27:35 -0000
> On Jun 30, 2016, at 2:20 PM, Jonas Schnelli <dev@jonasschnelli.ch> wrote:
>=20
>=20
>> Yes, this is exactly what I meant. The complexity of the proposed constru=
ction is comparable to that of Bitcoin itself. This is not itself prohibitiv=
e, but it is clearly worthy of consideration.
>>=20
>> A question we should ask is whether decentralized anonymous credentials i=
s applicable to the authentication problem posed by BIP151. I propose that i=
t is not.
>>=20
>> The core problem posed by BIP151 is a MITM attack. The implied solution (=
BIP151 + authentication) requires that a peer trusts that another is not an a=
ttacker.
>=20
> BIP151 would increase the risks for MITM attackers.
> What are the benefits for Mallory of he can't be sure Alice and Bob may
> know that he is intercepting the channel?
It is not clear to me why you believe an attack on privacy by an anonymous p=
eer is detectable.
> MITM is possible today, it would still be possible (though under higher
> costs) with BIP151.
>=20
> With BIP151 we would have the basic tool-set to effectively reduce the
> risks of being MITMled.
>=20
> IMO we should focus on the risks and benefits of BIP151 and not drag
> this discussion into the realm of authentication. This can and should be
> done once we have proposals for authentication (and I'm sure this will
> be a heated debate).
>=20
> The only valid risk I have on my list from you, Eric, is the false sense
> of security.
>=20
> My countermeasure for that would be...
> - deploy BIP151 together with the simplest form of authentication
> (know_hosts / authorized_keys file, no TOFU only editable "by hand")
> - make it more clear (in the BIP151 MOTIVATION text) that it won't solve
> the privacy/MITM problem without additional authentication.
>=20
> Or could you elaborate again =E2=80=93 without stepping into the realm of
> authentication/MITM (which is not part of the BIP or possible already
> today) =E2=80=93 why BIP151 would make things worse?
>=20
> </jonas>
>=20
|
