To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-ID: <56F2B51C.8000105@jonasschnelli.ch>
Date: Wed, 23 Mar 2016 16:24:12 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
	Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="jphCgCGa8Q1JoErib9kqWWuVDeS70rkRS"
X-Mailman-Approved-At: Wed, 23 Mar 2016 16:00:01 +0000
Subject: [bitcoin-dev] p2p authentication and encryption BIPs
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--jphCgCGa8Q1JoErib9kqWWuVDeS70rkRS
Content-Type: multipart/mixed; boundary="ErghshXugs9tWx89WGPcS8vghp0PQimWx"
From: Jonas Schnelli <dev@jonasschnelli.ch>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <56F2B51C.8000105@jonasschnelli.ch>
Subject: p2p authentication and encryption BIPs

--ErghshXugs9tWx89WGPcS8vghp0PQimWx
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi

I have just PRed a draft version of two BIPs I recently wrote.
https://github.com/bitcoin/bips/pull/362

Two BIPs that address the problem of decoupling wallets/clients from
nodes while assuming a user (or a group) knows the remote peer.

Authentication would be necessary to selectively allow bloom filtering of
transactions, encryption or any other node service that might lead to
fingerprinting or resource attacks. Authentication would also be a
pre-requirement for certificate-free encryption handshakes that are
(enough?) resistant to MITM attacks.

Encryption is highly recommended if you connect a SPV node to a trusted
node.

Authentication would allow accessing private p2p extensions from a
remote SPV peer (example: fee estimation).

I'm aware of other methods to increase privacy and integrity (Tor, VPN,
stunnel, etc.), however I think authentication and a basic communication
encryption should be part of the protocol and its setup should be
completely hassle-free.

Thanks for your feedback.

/jonas


--ErghshXugs9tWx89WGPcS8vghp0PQimWx--

--jphCgCGa8Q1JoErib9kqWWuVDeS70rkRS
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--jphCgCGa8Q1JoErib9kqWWuVDeS70rkRS--