From aj at erisian.com.au Wed Oct 21 03:43:10 2015
From: aj at erisian.com.au (Anthony Towns)
Date: Wed, 21 Oct 2015 13:43:10 +1000
Subject: [Lightning-dev] daemon/p2p protocol
In-Reply-To: <87eggpf2jy.fsf@rustcorp.com.au>
References: <20151016205355.GA18796@navy> <20151019053003.GB19146@navy> <20151019220909.GB18268@navy> <87eggpf2jy.fsf@rustcorp.com.au>
Message-ID: <20151021034310.GA22898@navy>

On Wed, Oct 21, 2015 at 11:41:45AM +1030, Rusty Russell wrote:
> Having a session nonce does help after first handshake, though it allows
> correlation, so it needs to change (pretty trivial, it could just be
> sha256() of some shared secret plus a number which increments on each
> successful handshake).

Can just be the first 4-8 bytes of that too (leaving the next 4-28 bytes
to be the secret response in the signature). ECDH of the node ids would
be the obvious shared secret to use as a base?

> In practice I think "successful handshake" is a bit vague, so may
> require allowing +/- 1 nonce. I'd have to think harder about this
> though.
>
> Is this overcomplicating things?

While nodes are publishing their ids (and IPs -- even if only by /whois)
in a public IRC channel, I don't think a nonce does any good -- the info
it's trying to avoid revealing is already being revealed anyway. So I
think table this for now?

Cheers,
aj
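
The rotating session nonce discussed in this message, as an added example that is not part of the original email or of any lightning implementation: sha256(shared secret || handshake counter) is split into a nonce prefix and a secret response, and the responder accepts a counter that is off by one. Assumptions: the names `derive` and `Responder`, the 8-byte big-endian counter encoding, the 8/24 byte split, and a constructed 32-byte value standing in for the ECDH output.

```python
import hashlib
import hmac
from typing import Optional, Tuple

NONCE_LEN = 8  # assumption: upper end of the "first 4-8 bytes" range in the email
# Constructed stand-in for ECDH(node_id_a, node_id_b); not a real key.
SHARED_SECRET = bytes(range(32))


def derive(shared_secret: bytes, counter: int) -> Tuple[bytes, bytes]:
    """Return (session_nonce, secret_response) for one handshake counter."""
    digest = hashlib.sha256(shared_secret + counter.to_bytes(8, "big")).digest()
    return digest[:NONCE_LEN], digest[NONCE_LEN:]


class Responder:
    """Tracks how many handshakes this side has seen complete with one peer."""

    def __init__(self, shared_secret: bytes, counter: int = 0) -> None:
        self.secret = shared_secret
        self.counter = counter

    def match(self, nonce: bytes) -> Optional[Tuple[int, bytes]]:
        """Find the counter (own value, +1 or -1) that produced this nonce.

        Returns (counter, expected_secret_response), or None when the nonce
        falls outside the window and the peer must do a full handshake.
        """
        for candidate in (self.counter, self.counter + 1, self.counter - 1):
            if candidate < 0:
                continue
            expected_nonce, response = derive(self.secret, candidate)
            # Constant-time comparison so timing does not leak nonce bytes.
            if hmac.compare_digest(nonce, expected_nonce):
                return candidate, response
        return None

    def complete(self, counter: int) -> None:
        """Resynchronise after a handshake both sides agree succeeded."""
        self.counter = counter + 1


if __name__ == "__main__":
    peer = Responder(SHARED_SECRET, counter=5)
    # The initiator believes one more handshake succeeded than the responder.
    nonce, _ = derive(SHARED_SECRET, 6)
    print("nonce on the wire:", nonce.hex(), "matched:", peer.match(nonce))
```

Because each successful handshake changes the counter, two observed nonces from the same pair of nodes do not repeat, which is the correlation property the quoted text asks for.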