On Tue, Jun 28, 2016 at 06:45:58PM +0200, Eric Voskuil via bitcoin-dev wrote:
> > 1) Transaction censorship
> > ISPs, WiFi providers or any other MITM can hold back/censor unconfirmed
> > transactions, regardless of whether you are a miner or a validation/wallet node.
> >
> > 2) Peer censorship
> > A MITM can remove or add entries from an "addr" message.
> >
> > 3) Fingerprinting
> > ISPs or any other MITM can intercept/inject fingerprinting-relevant
> > messages like "mempool" to analyze the bitcoin network.
>
> Encryption alone cannot protect against a MITM attack in an anonymous and
> permissionless network.

This is accepted in the BIP (and your follow-up reply).

Being able to easily detect MITM attacks is a _huge_ step forward that
shouldn't be underestimated; even if 99% of users aren't in a position to
detect the MITM, you only need a small subset of users that do the necessary
checks to alert the wider community, who can then respond with stronger
security measures. Those measures are likely to be more costly - authenticated
systems are significantly harder than not - so better to save your efforts
until the need for them is more obvious.

Also, the fact that an attack has a reasonable probability of detection is a
big disincentive for many types of attackers - note how one of the things
revealed in the Snowden leaks was the fact that the NSA generally tries quite
hard to avoid tipping off targets to the fact that they're being surveilled,
with a myriad of carefully scripted policies to control when and how exploits
are used against targets.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
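The point made in the reply above, as an added example that is not part of the email or of the BIP's specification: an unauthenticated key exchange stays encrypted under an active MITM, yet the two endpoints end up with different shared secrets, so even one pair of peers comparing a session fingerprint out of band exposes the substitution. The Diffie-Hellman group, the `session_fingerprint` derivation and the `handshake` helper are constructed for this illustration and are not the protocol's own.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Toy unauthenticated Diffie-Hellman over a Mersenne prime. Constructed
# parameters for illustration only; real peers would use ECDH or a proper group.
P = 2**127 - 1
G = 3


def dh_public(priv: int) -> int:
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)


def session_fingerprint(shared: int) -> str:
    # Hypothetical derivation: a short digest of the shared secret that each
    # endpoint can read out to the other over a channel the MITM does not control.
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()[:16]


def handshake(alice_priv: int, bob_priv: int,
              mitm_priv: Optional[int] = None) -> Tuple[str, str]:
    """Run the exchange, optionally with an active MITM substituting keys.

    Returns the session fingerprint computed by Alice and by Bob.
    """
    a_pub, b_pub = dh_public(alice_priv), dh_public(bob_priv)
    if mitm_priv is None:
        return (session_fingerprint(dh_shared(alice_priv, b_pub)),
                session_fingerprint(dh_shared(bob_priv, a_pub)))
    # The MITM swaps in its own public key toward both sides. Each endpoint now
    # shares a secret with the attacker, and traffic is still encrypted on each
    # leg, so encryption alone reveals nothing.
    m_pub = dh_public(mitm_priv)
    return (session_fingerprint(dh_shared(alice_priv, m_pub)),
            session_fingerprint(dh_shared(bob_priv, m_pub)))


def mitm_detected(alice_fp: str, bob_fp: str) -> bool:
    """Out-of-band comparison: fingerprints differ exactly when keys were swapped."""
    return alice_fp != bob_fp


def random_priv() -> int:
    return secrets.randbelow(P - 2) + 1
```

Only the comparing pair needs to do this; the detection then serves everyone else on the network, which is the asymmetry the reply relies on.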