On Mon, May 06, 2013 at 10:42:19AM -0700, Gregory Maxwell wrote: > On Mon, May 6, 2013 at 10:19 AM, Peter Todd wrote: > >> running hash of all messages sent on a connection so far. Add a new > >> protocol message that asks the node to sign the current accumulated > >> hash. > > We already depend on OpenSSL, why not just use standard SSL? > > SSL doesn't actually provide non-repudiation. We actually want > non-repudiation. I want to be able to prove to others that some node > deceived me. We don't have non-repudiation now, why make that a requirement for the first version? Adding non-repudiation is something that has to happen at the Bitcoin protocol level,(1) so it's orthogonal to using SSL to make sure you're connection isn't being tampered with and is encrypted. 1) Non-repudiation is only useful with fraud proofs, and they will have to be thought out for everything the node might claim. > (there are a number of other arguments I could make against SSL, but > that one is probably sufficient— or rather, it's an argument that we > should have some way of cheaply getting non-reputable signatures > regardless of the transport) Exactly. Implement an SSL-protected transport, and leave non-repudiation and broader issues of node identity as a later, long-term project. Many client won't even want to support all that complexity, but they'll still want to cheaply get the advantages SSL has with regard to MITM resistance and privacy with little effort. Anyway, the concept of a per-node identity keypair is the first step towards non-repudiation, and implementing SSL transport. > couple attempts it can be minutes before it gets a connection. We're > short on onion peers and I sometimes get inbound connections before I I run a fast node on EC2 that only accepts inbound connections over Tor and I regularly have about ~50 inbound peers. -- 'peter'[:-1]@petertodd.org 0000000000000042d8b5bc3ca04847f711b82b66f08b7360a565ebd0b131621c