On 03/08/2017 01:20 PM, Jonas Schnelli wrote: > >> Am 08.03.2017 um 22:09 schrieb Eric Voskuil : >> >> On 03/08/2017 11:47 AM, Jonas Schnelli wrote: >>>>> Nodes are by design not supposed to be identifiable in any way >>>> >>>> This is of course my objection to BIP150 ("a way for peers to ... >>>> guarantee node ownership“). >>> >>> Please Eric. Stop spreading FUD. >> >> I'm always willing to debate this issue. I'm generally a little >> suspicious of one who demands another person to stop arguing. I got at >> least one such demand (along with a threat) on this subject privately >> last summer from a notable Core dev. There is a lengthy thread on this >> subject in which I raised these issues. Everyone is free to review that >> discussion. > What you did say in the sentence above (and I think is FUD) is, that BIP150 will lead to every node being identifiable. My argument against BIP150 (and 151) is based on the very real concern that it provides a built-in mechanism to partition the network (while also providing no meaningful privacy benefit). > This is just completely wrong. The only actual argument that I have seen from *anyone* to date is that this is *unlikely* to happen. That was specifically Pieter's position last summer. That argument is not technical but instead based on blind trust in people. The common refrain, which Pieter has penned again in a follow-up to this post, is that we already have identity in terms of IP addresses, so what's the harm. I find this argument ironic given that one of the arguments in favor of this proposal is that IP address identification is insufficient to establish identity. I assume that you both understand there is a very meaningful distinction between strong identity and weak identity. The other argument that is often given is that, because we are talking about privately shared as opposed to published identifiers, there is no reason for concern. This entirely misses the point. The ability to establish strong identity makes it trivial for someone to (strongly) require the identity of anyone with who he/she allows a connection. This is the *stated purpose* of BIP150. This turns the Bitcoin security model on its head. Instead of validating content this validates people. Given the current level of economic and hash power centralization it is not at all hard to imagine that through fear/consequences of regulatory controls or even poor scalability, that these points of centralization will eventually start by establishing private connections, and eventually require anyone connecting to them to "preshare" an identifier (which of course identifies the person). At that point Bitcoin P2P will have become a private network. I know you have the right motivation, but I do not understand why you would ignore this risk in exchange for a false sense of privacy. There is a very clear path to this happening. So please explain to me how this concern is "wrong". This is *not* a technical question, I know perfectly well how the scheme works. > There is nothing to say against a technical debate (and we had this), but I will ask you to stop if I see you attacking BIP150/151 at every occasion with FUDish arguments like this. Take a step back and consider that there may in fact be serious consequences to what you are proposing. Calling may arguments "attacking" and "FUD" is unproductive. e