Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <da2ce7@gmail.com>) id 1XJydl-000825-Kx for bitcoin-development@lists.sourceforge.net; Wed, 20 Aug 2014 05:40:57 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.178 as permitted sender) client-ip=209.85.212.178; envelope-from=da2ce7@gmail.com; helo=mail-wi0-f178.google.com; Received: from mail-wi0-f178.google.com ([209.85.212.178]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XJydk-0007Og-4I for bitcoin-development@lists.sourceforge.net; Wed, 20 Aug 2014 05:40:57 +0000 Received: by mail-wi0-f178.google.com with SMTP id hi2so6331710wib.11 for <bitcoin-development@lists.sourceforge.net>; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.180.187.20 with SMTP id fo20mr4761306wic.58.1408513249889; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) Received: by 10.194.48.51 with HTTP; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) Received: by 10.194.48.51 with HTTP; Tue, 19 Aug 2014 22:40:49 -0700 (PDT) In-Reply-To: <BLU402-EAS2546AD6C97DCED8FCE9C04CC6D20@phx.gbl> References: <c45a638f1e1640fe84bef01d12cda4c3@hotmail.com> <BLU402-EAS2546AD6C97DCED8FCE9C04CC6D20@phx.gbl> Date: Wed, 20 Aug 2014 07:40:49 +0200 Message-ID: <CAACjpwKX9cwowiCruP9xw2UiqfsVXVC1TdKvA1HbQZ6UZ6qBsA@mail.gmail.com> From: Cameron Garnham <da2ce7@gmail.com> To: Un Ix <slashdevnull@hotmail.com> Content-Type: multipart/alternative; boundary=001a11c38366ebd3b20501090b01 X-Spam-Score: -0.1 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (da2ce7[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (da2ce7[at]gmail.com) 1.0 HTML_MESSAGE BODY: HTML included in message 0.3 HTML_FONT_FACE_BAD BODY: HTML font face is not a word -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XJydk-0007Og-4I Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Proposal: Encrypt bitcoin messages X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Wed, 20 Aug 2014 05:40:57 -0000 --001a11c38366ebd3b20501090b01 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable We should aim to use perfect forward secrecy between all nodes by default. This forces the attacker to do a MITM attack that is far more expensive on the large scale. I don't see why this is seen as so controversial. It is relatively cheap to implement on our side, and has a dramatic increase of cost for any attackers. Cam. On 20/08/2014 5:49 am, "Un Ix" <slashdevnull@hotmail.com> wrote: > Excuse the ignorance, but there is something I=E2=80=99m not getting in = this > discussion. > > Given it=E2=80=99s a published protocol, with available source code runni= ng on an > open P2P network, why would any messages between nodes benefit from being > encrypted? Surely all the data being processed by the network is known to > any persistent client node(s)? > > Seems like that solution is orthogonal to the root problem, where > attackers could monitor the network and deduce IP addresses by e.g. mappi= ng > senders of transactions. > > *From:* Peter Todd <pete@petertodd.org> > *Sent:* =E2=80=8EWednesday=E2=80=8E, =E2=80=8EAugust=E2=80=8E =E2=80=8E20= =E2=80=8E, =E2=80=8E2014 =E2=80=8E9=E2=80=8E:=E2=80=8E28=E2=80=8E =E2=80=8E= AM > *To:* William Yager <will.yager@gmail.com>, > bitcoin-development@lists.sourceforge.net > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > > On 19 August 2014 21:19:43 GMT-04:00, William Yager <will.yager@gmail.com= > > wrote: > >On Tue, Aug 19, 2014 at 8:14 PM, Peter Todd <pete@petertodd.org> wrote: > >> In any case, my suggestion of enabling hidden service support by > >default > >> adds both encryption and reasonably good authentication. > > > > > >Enabling hidden service support by default would introduce an insanely > >huge > >attack surface. > > Hence my suggestion of separating that surface by using the standalone To= r > binary, which runs under a different user to the Bitcoin Core binary. > > >And you're conflating two different things; using Tor is valuable to > >Bitcoin because it would provide some anonymity. The encryption aspect > >is > >pretty much useless for us. > > First of all, without encryption we're leaking significant amounts of > information to any passive attacker trying to trace the origin of Bitcoin > transactions, a significant privacy risk. > > Secondly the upcoming v0.10's fee estimation implementation is quite > vulnerable to Sybil attacks. Authentication and encryption are needed to > make it secure from ISP-level targeting to ensure that your view of the > network is representative. Tor support used in parallel with native > connection is ideal here, as neither the Tor network nor your ISP alone c= an > Sybil attack you. It's notable that Bitcoinj has already implemented Tor > support for these same reasons. > -----BEGIN PGP SIGNATURE----- > Version: APG v1.1.1 > > iQFQBAEBCAA6BQJT8/mSMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8 > cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhRZjCAC4PSpQ68qgtFMR77xf > zXZLr/iMKX6yyJwXRj+vGi+0Ng/sv9NlYjYnDeflom37WlpGo/sCOFcVWImhnS2d > kUFoUH92iXwRuEt/SN/LrHghkLWOxtVu9wa49eS/piGZFF3JWllk82MgdBZ6vjNw > B6WuInEIurK+h8rUbAi2HjFkxVN0K0SsrFt/P0tHj10ABcMealBRoJh2Jx7fLNdS > uTKddqeLyThEpLGNti3k+lhwQ2dA5RUBq6q3GUS/hWvTHRnU+viGMJSYv62LXRN5 > t87BXRY/R9UBpnudf3TIlPtOuIWcv2LhlXVjvbDDQqwJkvB3Qf4ejE3RZ28S5IUr > OBQH > =3DGy7X > -----END PGP SIGNATURE----- > > > > -------------------------------------------------------------------------= ----- > Slashdot TV. > Video for Nerds. Stuff that matters. > http://tv.slashdot.org/ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > -------------------------------------------------------------------------= ----- > Slashdot TV. > Video for Nerds. Stuff that matters. > http://tv.slashdot.org/ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --001a11c38366ebd3b20501090b01 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <p dir=3D"ltr"><br> We should aim to use perfect forward secrecy between all nodes by default.<= /p> <p dir=3D"ltr">This forces the attacker to do a MITM attack that is far mor= e expensive on the large scale.</p> <p dir=3D"ltr">I don't see why this is seen as so controversial.=C2=A0 = It is relatively cheap to implement on our side,=C2=A0 and has a dramatic i= ncrease of cost for any attackers.</p> <p dir=3D"ltr">Cam.<br></p> <div class=3D"gmail_quote">On 20/08/2014 5:49 am, "Un Ix" <<a = href=3D"mailto:slashdevnull@hotmail.com">slashdevnull@hotmail.com</a>> w= rote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"ma= rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div dir=3D"ltr"> <div dir=3D"ltr" style=3D"font-family:'Calibri','Segoe UI',= 'Meiryo','Microsoft YaHei UI','Microsoft JhengHei UI= 9;,'Malgun Gothic','sans-serif';font-size:12pt"><div>Excuse= the ignorance, but there is something I=E2=80=99m not getting in this disc= ussion.</div> <div><br></div><div>Given it=E2=80=99s a published protocol, with available= source code running on an open P2P network, why would any messages between= nodes benefit from=C2=A0being encrypted? Surely all the data being process= ed by the network is known to any persistent client node(s)? </div> <div><br></div><div>Seems like that solution is orthogonal to the root prob= lem, where attackers could=C2=A0monitor the network and deduce IP addresses= by=C2=A0e.g. mapping senders of transactions.</div><div>=C2=A0=C2=A0<br></= div><div style=3D"padding-top:5px;border-top-color:rgb(229,229,229);border-= top-width:1px;border-top-style:solid"> <div><font face=3D" 'Calibri', 'Segoe UI', 'Meiryo'= , 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgu= n Gothic', 'sans-serif'" style=3D"line-height:15pt;letter-spaci= ng:0.02em;font-family:"Calibri","Segoe UI","Meiryo= ","Microsoft YaHei UI","Microsoft JhengHei UI",&qu= ot;Malgun Gothic","sans-serif";font-size:12pt"><b>From:</b>= =C2=A0<a href=3D"mailto:pete@petertodd.org" target=3D"_blank">Peter Todd</a= ><br> <b>Sent:</b>=C2=A0=E2=80=8EWednesday=E2=80=8E, =E2=80=8EAugust=E2=80=8E =E2= =80=8E20=E2=80=8E, =E2=80=8E2014 =E2=80=8E9=E2=80=8E:=E2=80=8E28=E2=80=8E = =E2=80=8EAM<br><b>To:</b>=C2=A0<a href=3D"mailto:will.yager@gmail.com" targ= et=3D"_blank">William Yager</a>, <a href=3D"mailto:bitcoin-development@list= s.sourceforge.net" target=3D"_blank">bitcoin-development@lists.sourceforge.= net</a></font></div> </div><div><br></div><div dir=3D""> <div>-----BEGIN PGP SIGNED MESSAGE-----<br> Hash: SHA256<br> <br> <br> <br> On 19 August 2014 21:19:43 GMT-04:00, William Yager <<a href=3D"mailto:w= ill.yager@gmail.com" target=3D"_blank">will.yager@gmail.com</a>> wrote:<= br> >On Tue, Aug 19, 2014 at 8:14 PM, Peter Todd <<a href=3D"mailto:pete@= petertodd.org" target=3D"_blank">pete@petertodd.org</a>> wrote:<br> >> In any case, my suggestion of enabling hidden service support by<b= r> >default<br> >> adds both encryption and reasonably good authentication.<br> ><br> ><br> >Enabling hidden service support by default would introduce an insanely<= br> >huge<br> >attack surface.<br> <br> Hence my suggestion of separating that surface by using the standalone Tor = binary, which runs under a different user to the Bitcoin Core binary.<br> <br> >And you're conflating two different things; using Tor is valuable t= o<br> >Bitcoin because it would provide some anonymity. The encryption aspect<= br> >is<br> >pretty much useless for us.<br> <br> First of all, without encryption we're leaking significant amounts of i= nformation to any passive attacker trying to trace the origin of Bitcoin tr= ansactions, a significant privacy risk.<br> <br> Secondly the upcoming v0.10's fee estimation implementation is quite vu= lnerable to Sybil attacks. Authentication and encryption are needed to make= it secure from ISP-level targeting to ensure that your view of the network= is representative. Tor support used in parallel with native connection is = ideal here, as neither the Tor network nor your ISP alone can Sybil attack = you. It's notable that Bitcoinj has already implemented Tor support for= these same reasons.<br> -----BEGIN PGP SIGNATURE-----<br> Version: APG v1.1.1<br> <br> iQFQBAEBCAA6BQJT8/mSMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8<br> cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhRZjCAC4PSpQ68qgtFMR77xf<br> zXZLr/iMKX6yyJwXRj+vGi+0Ng/sv9NlYjYnDeflom37WlpGo/sCOFcVWImhnS2d<br> kUFoUH92iXwRuEt/SN/LrHghkLWOxtVu9wa49eS/piGZFF3JWllk82MgdBZ6vjNw<br> B6WuInEIurK+h8rUbAi2HjFkxVN0K0SsrFt/P0tHj10ABcMealBRoJh2Jx7fLNdS<br> uTKddqeLyThEpLGNti3k+lhwQ2dA5RUBq6q3GUS/hWvTHRnU+viGMJSYv62LXRN5<br> t87BXRY/R9UBpnudf3TIlPtOuIWcv2LhlXVjvbDDQqwJkvB3Qf4ejE3RZ28S5IUr<br> OBQH<br> =3DGy7X<br> -----END PGP SIGNATURE-----<br> <br> <br> ---------------------------------------------------------------------------= ---<br> Slashdot TV.=C2=A0 <br> Video for Nerds.=C2=A0 Stuff that matters.<br> <a href=3D"http://tv.slashdot.org/" target=3D"_blank">http://tv.slashdot.or= g/</a><br> _______________________________________________<br> Bitcoin-development mailing list<br> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla= nk">Bitcoin-development@lists.sourceforge.net</a><br> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= " target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment</a><br> </div> </div></div> </div> <br>-----------------------------------------------------------------------= -------<br> Slashdot TV.<br> Video for Nerds.=C2=A0 Stuff that matters.<br> <a href=3D"http://tv.slashdot.org/" target=3D"_blank">http://tv.slashdot.or= g/</a><br>_______________________________________________<br> Bitcoin-development mailing list<br> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo= pment@lists.sourceforge.net</a><br> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= " target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment</a><br> <br></blockquote></div> --001a11c38366ebd3b20501090b01--