Hi

> On Thu, Jun 09, 2016 at 01:24:09AM +0000, Gregory Maxwell wrote:
>> Reduction to plaintext isn't an interesting attack vector for an active
>> attacker: they can simply impersonate the remote side.
>>
>> This is addressed via authentication, where available, which is done by a
>> separate specification that builds on this one.
> 
> Are there any links to discussions on how authentication may be done?

I'm currently working on the Auth-BIP which is not worth reviewing it
right now (I will post it to the mailing list once it has been reached a
stable level where it can be discusses).

If you can't wait, here is the current work:
https://github.com/jonasschnelli/bips/blob/35d7e382cdd6955ff42726c3d06c44e33f61ae52/bip-undef-0.mediawiki


Most recent MITM/auth discussion (there where plenty of discussions on
IRC about this topic):
https://botbot.me/freenode/bitcoin-core-dev/2016-04-04/?msg=63463826&page=3


</jonas>