* [bitcoin-dev] BIP 151 MITM
@ 2016-06-08 23:47 Alfie John
2016-06-09 1:24 ` Gregory Maxwell
0 siblings, 1 reply; 5+ messages in thread
From: Alfie John @ 2016-06-08 23:47 UTC (permalink / raw)
To: bitcoin-dev
Hi folks,
Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
prevent someone between peers to suppress the initial 'encinit' message during
negotiation, causing both to fallback to plaintext?
Peers should negotiate a secure channel from the outset or backout entirely
with no option of falling back. This can be indicated loudly by the daemon
listening on an entirely new port.
Alfie
--
Alfie John
https://www.alfie.wtf
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] BIP 151 MITM
2016-06-08 23:47 [bitcoin-dev] BIP 151 MITM Alfie John
@ 2016-06-09 1:24 ` Gregory Maxwell
2016-06-09 1:42 ` Alfie John
0 siblings, 1 reply; 5+ messages in thread
From: Gregory Maxwell @ 2016-06-09 1:24 UTC (permalink / raw)
To: Alfie John, Bitcoin Protocol Discussion
On Wed, Jun 8, 2016 at 11:47 PM, Alfie John via bitcoin-dev
<bitcoin-dev@lists•linuxfoundation.org> wrote:
> Hi folks,
>
> Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
> prevent someone between peers to suppress the initial 'encinit' message during
> negotiation, causing both to fallback to plaintext?
>
> Peers should negotiate a secure channel from the outset or backout entirely
> with no option of falling back. This can be indicated loudly by the daemon
> listening on an entirely new port.
Reduction to plaintext isn't an interesting attack vector for an
active attacker: they can simply impersonate the remote side.
This is addressed via authentication, where available, which is done
by a separate specification that builds on this one.
Without authentication this only provides protection against passive attackers.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] BIP 151 MITM
2016-06-09 1:24 ` Gregory Maxwell
@ 2016-06-09 1:42 ` Alfie John
2016-06-09 6:57 ` Jonas Schnelli
0 siblings, 1 reply; 5+ messages in thread
From: Alfie John @ 2016-06-09 1:42 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: Bitcoin Protocol Discussion
On Thu, Jun 09, 2016 at 01:24:09AM +0000, Gregory Maxwell wrote:
> Reduction to plaintext isn't an interesting attack vector for an active
> attacker: they can simply impersonate the remote side.
>
> This is addressed via authentication, where available, which is done by a
> separate specification that builds on this one.
Are there any links to discussions on how authentication may be done?
Thanks,
Alfie
--
Alfie John
https://www.alfie.wtf
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] BIP 151 MITM
2016-06-09 1:42 ` Alfie John
@ 2016-06-09 6:57 ` Jonas Schnelli
2016-06-09 7:00 ` Alfie John
0 siblings, 1 reply; 5+ messages in thread
From: Jonas Schnelli @ 2016-06-09 6:57 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1.1: Type: text/plain, Size: 957 bytes --]
Hi
> On Thu, Jun 09, 2016 at 01:24:09AM +0000, Gregory Maxwell wrote:
>> Reduction to plaintext isn't an interesting attack vector for an active
>> attacker: they can simply impersonate the remote side.
>>
>> This is addressed via authentication, where available, which is done by a
>> separate specification that builds on this one.
>
> Are there any links to discussions on how authentication may be done?
I'm currently working on the Auth-BIP which is not worth reviewing it
right now (I will post it to the mailing list once it has been reached a
stable level where it can be discusses).
If you can't wait, here is the current work:
https://github.com/jonasschnelli/bips/blob/35d7e382cdd6955ff42726c3d06c44e33f61ae52/bip-undef-0.mediawiki
Most recent MITM/auth discussion (there where plenty of discussions on
IRC about this topic):
https://botbot.me/freenode/bitcoin-core-dev/2016-04-04/?msg=63463826&page=3
</jonas>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] BIP 151 MITM
2016-06-09 6:57 ` Jonas Schnelli
@ 2016-06-09 7:00 ` Alfie John
0 siblings, 0 replies; 5+ messages in thread
From: Alfie John @ 2016-06-09 7:00 UTC (permalink / raw)
To: Jonas Schnelli, Bitcoin Protocol Discussion
On Thu, Jun 09, 2016 at 08:57:29AM +0200, Jonas Schnelli via bitcoin-dev wrote:
> > Are there any links to discussions on how authentication may be done?
>
> I'm currently working on the Auth-BIP which is not worth reviewing it
> right now (I will post it to the mailing list once it has been reached a
> stable level where it can be discusses).
>
> If you can't wait, here is the current work:
> https://github.com/jonasschnelli/bips/blob/35d7e382cdd6955ff42726c3d06c44e33f61ae52/bip-undef-0.mediawiki
>
> Most recent MITM/auth discussion (there where plenty of discussions on
> IRC about this topic):
> https://botbot.me/freenode/bitcoin-core-dev/2016-04-04/?msg=63463826&page=3
Awesome, thanks for the link Jonas.
Alfie
--
Alfie John
https://www.alfie.wtf
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-06-09 7:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-08 23:47 [bitcoin-dev] BIP 151 MITM Alfie John
2016-06-09 1:24 ` Gregory Maxwell
2016-06-09 1:42 ` Alfie John
2016-06-09 6:57 ` Jonas Schnelli
2016-06-09 7:00 ` Alfie John
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox