Re: [bitcoin-dev] BIP151 protocol incompatibility

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Eric Voskuil <eric@voskuil•org>
To: Pieter Wuille <pieter.wuille@gmail•com>,
	Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Cc: libbitcoin@lists•dyne.org
Subject: Re: [bitcoin-dev] BIP151 protocol incompatibility
Date: Mon, 13 Feb 2017 01:36:21 -0800	[thread overview]
Message-ID: <dde5349d-c430-ad57-30c7-77954ff1a94d@voskuil.org> (raw)
In-Reply-To: <CAPg+sBhDjVuN6=tdvUcSY5OCdJD7s3Jp90K1qx0iRX+2WppUQQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2944 bytes --]

On 02/13/2017 12:47 AM, Pieter Wuille wrote:
> On Feb 12, 2017 23:58, "Eric Voskuil via bitcoin-dev"
> <bitcoin-dev@lists•linuxfoundation.org wrote:
> 
>     The BIP151 proposal states:
> 
>     > This proposal is backward compatible. Non-supporting peers will ignore
>     the encinit messages.
> 
>     This statement is incorrect. Sending content that existing nodes do not
>     expect is clearly an incompatibility. An implementation that ignores
>     invalid content leaves itself wide open to DOS attacks. The version
>     handshake must be complete before the protocol level can be determined.
>     While it may be desirable for this change to precede the version
>     handshake it cannot be described as backward compatible.
> 
> The worst possible effect of ignoring unknown messages is a waste of
> downstream bandwidth. The same is already possible by being sent addr
> messages.
> 
> Using the protocol level requires a strict linear progression of
> (allowed) network protocol features, which I expect to become harder and
> harder to maintain.
> 
> Using otherwise ignored messages for determining optional features is
> elegant, simple and opens no new attack vectors. I think it's very much
> preferable over continued increments of the protocol version.

As I said, it *may* be desirable, but it is *not* backward compatible,
and you do not actually dispute that above.

There are other control messages that qualify as "optional messages" but
these are only sent if the peer is at a version to expect them -
explicit in their BIPs. All adopted BIPs to date have followed this
pattern. This is not the same and it is not helpful to imply that it is
just following that pattern.

As for DOS, waste of bandwidth is not something to be ignored. If a peer
is flooding a node with addr message the node can manage it because it
understands the semantics of addr messages. If a node is required to
allow any message that it cannot understand it has no recourse. It
cannot determine whether it is under attack or if the behavior is
correct and for proper continued operation must be ignored.

This approach breaks any implementation that validates traffic, which is
clearly correct behavior given the existence of the version handshake.
Your comments make it clear that this is a *change* in network behavior
- essentially abandoning the version handshake. Whether is is harder to
maintain is irrelevant to the question of whether it is a break with
existing protocol.

If you intend for the network to abandon the version handshake and/or
promote changes that break it I propose that you write up this new
behavior as a BIP and solicit community feedback. There are a lot of
devices connected to the network and it would be irresponsible to break
something as fundamental as the P2P protocol handshake because you have
a feeling it's going to be hard to maintain.

e

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

next prev parent reply	other threads:[~2017-02-13  9:36 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-13  5:18 Eric Voskuil
2017-02-13  8:47 ` Pieter Wuille
2017-02-13  9:36   ` Eric Voskuil [this message]
2017-02-13 10:07     ` Jonas Schnelli
2017-02-13 10:30       ` Eric Voskuil
2017-02-13 11:14         ` Jonas Schnelli
2017-02-14 19:54           ` Eric Voskuil
2017-02-14 20:58             ` Jonas Schnelli
2017-02-13 10:16     ` Matt Corallo
2017-02-13 10:54       ` Eric Voskuil
2017-02-13 11:11         ` Matt Corallo
2017-02-13 11:17           ` Eric Voskuil
2017-02-13 13:04             ` Matt Corallo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=dde5349d-c430-ad57-30c7-77954ff1a94d@voskuil.org \
    --to=eric@voskuil$(echo .)org \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=libbitcoin@lists$(echo .)dyne.org \
    --cc=pieter.wuille@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox