Unauthenticated link level encryption is wonderful! MITM attacks are overrated; as they require an active attacker.

Stopping passive attacks is the low hanging fruit. This should be taken first.

Automated and secure peer authentication in a mesh network is a huge topic. One of the unsolved problems in computer science.

A simple 'who is that' by asking for the fingerprint of your peers from your other peers is a very simple way to get 'some' authentication.  Semi-trusted index nodes also is a low hanging fruit for authentication.

However, let's first get unauthenticated encryption. Force the attackers to use active attacks. (That are thousands times more costly to couduct).

Sent from my iPhone

> On 29 Jun 2016, at 00:36, Gregory Maxwell via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> An "out of band key check" is not part of BIP151.
> 
> It has a session ID for this purpose.
> 
>> It requires a secure channel and is authentication. So BIP151 doesn't provide the tools to detect an attack, that requires authentication. A general requirement for authentication is the issue I have raised.
> 
> One might wonder how you ever use a Bitcoin address, or even why we
> might guess these emails from "you" aren't actually coming from the
> NSA.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev