1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
Return-Path: <da2ce7@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 23CF9A1A
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 21:40:28 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-lf0-f44.google.com (mail-lf0-f44.google.com
[209.85.215.44])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4306C1E5
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 21:40:27 +0000 (UTC)
Received: by mail-lf0-f44.google.com with SMTP id h129so20542403lfh.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 28 Jun 2016 14:40:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=9QtJU7CNnOFVtpUDoAqIZB+FbCDoUTN20uUghBOA2K4=;
b=R2fSvtmFzGmfn8KFKT9BHSuPyB1VuyjtVUXm2fw46BYOcvQdNSJupos5nUhET70Ypc
FASiQuGMu44H+kLlt1jLUWEX2ptyAPsT2SYY12jRZXojbT70PzYBUjIcazbtuAeO08xw
qgaxoFMCmGh5C7vvOT/nejjXw+cXAxy56MKnAEYrUDfpfFEgVKoZljhiEPPPW+SKZzTq
5Q7oDpY+oAWvM5ALeo8YZhmQZ3ZnSEONZnSgBgFIFXX2kfOIjVMjXC16zgnD1xV0j0wr
+UQgEgUJh9EbSasNHYQ3PGiAEv3cPA5QwwIcQhomS5mORTYSJb7RkmFtekyzNmyRDQnx
16XQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
:content-transfer-encoding:message-id:references:to;
bh=9QtJU7CNnOFVtpUDoAqIZB+FbCDoUTN20uUghBOA2K4=;
b=CVmFJQkXUXqrTIQLrl0+kgbDnFgc62VahvrPYtZKITmL/On7o0rysu9+mJlhFtanNr
Fopdfi/X9VNEGEanRl7RZRI4srbBQCOHO+iRT7aPBazK2R4P+Iwa+szGLiFGVLHFUH0K
Smz87ypvY13TrfR1Jr9i0tmQJSycoNySypjzZXICgOfm/PxiHL3BVSX33r9Rwi/304vJ
vYf+Y/VJ/yzwdvOZlhvJyD8kX0VMp73/pV4iRSB77lr914eRPtMWDjS199NAf2ccka3j
uCN8J9i0J9QWG6aNoCoNXoydU0qdZ/0V5vKcRNTzSDEXUbBagU+Ah2CpHXjW64wy3nco
1b2w==
X-Gm-Message-State: ALyK8tIv65DJ5Mv5+AaahgvoO8UQGjRn8Bp2cLHIyq1Q3ADL5OwDzIXO0bRxogLOIPXcLg==
X-Received: by 10.25.131.141 with SMTP id f135mr1669076lfd.42.1467150025175;
Tue, 28 Jun 2016 14:40:25 -0700 (PDT)
Received: from [192.168.0.103] (188-115-185-127.broadband.tenet.odessa.ua.
[188.115.185.127])
by smtp.gmail.com with ESMTPSA id k18sm51524lfg.47.2016.06.28.14.40.23
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 28 Jun 2016 14:40:24 -0700 (PDT)
Content-Type: multipart/alternative;
boundary=Apple-Mail-6F871291-EF15-4F60-BBF3-9E6E90AC02A2
Mime-Version: 1.0 (1.0)
From: Cameron Garnham <da2ce7@gmail.com>
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <CAAS2fgRGbnH-NtPRdLe0yhFSoqJ7b6O25LfyGv_ULHhy8bBSpg@mail.gmail.com>
Date: Wed, 29 Jun 2016 00:40:23 +0300
Content-Transfer-Encoding: 7bit
Message-Id: <B1AF0E38-522E-4EC7-8595-92972D658430@gmail.com>
References: <87h9cecad5.fsf@rustcorp.com.au>
<1E86A00F-0609-4DBC-9543-94AE04CC13C9@voskuil.org>
<577234A4.3030808@jonasschnelli.ch>
<360EF9B8-A174-41CA-AFDD-2BC2C0B4DECB@voskuil.org>
<20160628182202.GA5519@fedora-21-dvm>
<D40F9E9D-DB6C-4083-A9E8-C5EBC363DB30@voskuil.org>
<20160628201447.GA1148@fedora-21-dvm>
<4DCF7DD2-6533-4F79-8CA1-871B67C01BDA@voskuil.org>
<20160628203605.GA1328@fedora-21-dvm>
<E8335291-7142-4E21-A1E2-76F387426741@voskuil.org>
<CAAS2fgRGbnH-NtPRdLe0yhFSoqJ7b6O25LfyGv_ULHhy8bBSpg@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
HTML_MESSAGE, MIME_QP_LONG_LINE,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 28 Jun 2016 21:52:19 +0000
Subject: Re: [bitcoin-dev] BIP 151
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2016 21:40:28 -0000
--Apple-Mail-6F871291-EF15-4F60-BBF3-9E6E90AC02A2
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Unauthenticated link level encryption is wonderful! MITM attacks are overrat=
ed; as they require an active attacker.
Stopping passive attacks is the low hanging fruit. This should be taken firs=
t.
Automated and secure peer authentication in a mesh network is a huge topic. O=
ne of the unsolved problems in computer science.
A simple 'who is that' by asking for the fingerprint of your peers from your=
other peers is a very simple way to get 'some' authentication. Semi-truste=
d index nodes also is a low hanging fruit for authentication.
However, let's first get unauthenticated encryption. Force the attackers to u=
se active attacks. (That are thousands times more costly to couduct).
Sent from my iPhone
> On 29 Jun 2016, at 00:36, Gregory Maxwell via bitcoin-dev <bitcoin-dev@lis=
ts.linuxfoundation.org> wrote:
>=20
> On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> An "out of band key check" is not part of BIP151.
>=20
> It has a session ID for this purpose.
>=20
>> It requires a secure channel and is authentication. So BIP151 doesn't pro=
vide the tools to detect an attack, that requires authentication. A general r=
equirement for authentication is the issue I have raised.
>=20
> One might wonder how you ever use a Bitcoin address, or even why we
> might guess these emails from "you" aren't actually coming from the
> NSA.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--Apple-Mail-6F871291-EF15-4F60-BBF3-9E6E90AC02A2
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div><span style=3D"background-color: rgba(=
255, 255, 255, 0);">Unauthenticated link level encryption is wonderful! MITM=
attacks are overrated; as they require an active attacker.</span><div><span=
style=3D"background-color: rgba(255, 255, 255, 0);"><br></span></div><div><=
span style=3D"background-color: rgba(255, 255, 255, 0);">Stopping passive at=
tacks is the low hanging fruit. This should be taken first.</span></div><div=
><span style=3D"background-color: rgba(255, 255, 255, 0);"><br></span></div>=
<div><span style=3D"background-color: rgba(255, 255, 255, 0);">Automated and=
secure peer authentication in a mesh network is a huge topic. One of the un=
solved problems in computer science.</span></div><div><span style=3D"backgro=
und-color: rgba(255, 255, 255, 0);"><br></span><div><div><span style=3D"back=
ground-color: rgba(255, 255, 255, 0);">A simple 'who is that' by asking=
for the fingerprint of your peers from your other peers is a very simple wa=
y to get 'some' authentication. Semi-trusted index nodes also is a low=
hanging fruit for authentication.</span></div><div><span style=3D"backgroun=
d-color: rgba(255, 255, 255, 0);"><br></span></div><span style=3D"background=
-color: rgba(255, 255, 255, 0);">However, let's first get u<font>nauthentica=
ted encryption. Force the attackers to use active attacks. (That are thousan=
ds times more costly to couduct).</font></span></div></div><br>Sent from my i=
Phone</div><div><br>On 29 Jun 2016, at 00:36, Gregory Maxwell via bitcoin-de=
v <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@l=
ists.linuxfoundation.org</a>> wrote:<br><br></div><blockquote type=3D"cit=
e"><div><span>On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev<=
/span><br><span><<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org"=
>bitcoin-dev@lists.linuxfoundation.org</a>> wrote:</span><br><blockquote t=
ype=3D"cite"><span>An "out of band key check" is not part of BIP151.</span><=
br></blockquote><span></span><br><span>It has a session ID for this purpose.=
</span><br><span></span><br><blockquote type=3D"cite"><span>It requires a se=
cure channel and is authentication. So BIP151 doesn't provide the tools to d=
etect an attack, that requires authentication. A general requirement for aut=
hentication is the issue I have raised.</span><br></blockquote><span></span>=
<br><span>One might wonder how you ever use a Bitcoin address, or even why w=
e</span><br><span>might guess these emails from "you" aren't actually coming=
from the</span><br><span>NSA.</span><br><span>_____________________________=
__________________</span><br><span>bitcoin-dev mailing list</span><br><span>=
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.l=
inuxfoundation.org</a></span><br><span><a href=3D"https://lists.linuxfoundat=
ion.org/mailman/listinfo/bitcoin-dev">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a></span><br></div></blockquote></body></html>=
--Apple-Mail-6F871291-EF15-4F60-BBF3-9E6E90AC02A2--
|
