From: Peter Todd <pete@petertodd.org>
To: Jeff Garzik <jgarzik@exmulti.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Discovery/addr packets (was: Service bits for pruned nodes)
Date: Mon, 6 May 2013 12:37:32 -0400 [thread overview]
Message-ID: <20130506163732.GB5193@petertodd.org> (raw)
In-Reply-To: <CA+8xBpfdY7GsQiyrHuOG-MqXon0RGShpg2Yv-KeAXQ-503kAsA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1613 bytes --]
On Mon, May 06, 2013 at 12:20:12PM -0400, Jeff Garzik wrote:
> > Security will be no worse than before - if any one server/seed is honest
> > you're ok - and hopefully better due to the accountability. Obviously
>
> Indeed, the DNS seeds are just servers run by trusted individuals anyway.
Yup, and lets be really clear here: what I'm saying about existing DNS
seeds selecting peers from a wider pool isn't to fundementally reduce
the trust in those seeds, it's to reduce the amount of effort the people
*running* the seeds need to expend to return safe results.
> In either case, bitcoinj definitely wants fixing for its over-reliance
> on DNS seeds. This has been noted as a problem for a while.
Anyway, DNS returns unsigned data usually - DNSSEC is not widely
implemented - so at least an alternative seed system with SSL certs
could provide a way of getting results from the seed to you in the first
place with a different set of vulnerabilities. (I'm not going to say
it's really more secure - your ISP can MITM your connections to those
remote nodes anyway - but the types of attacks are at least different)
Speaking of, off-topic for this discussion, but in the future
node-to-node communicate should be encrypted and signed, and seeds
should have a mechanism to return the pubkey the node will use for
communication. This would protect against your ISP MITM attacking your
communications with every node. Of course, Tor hidden service nodes do
this already essentially.
--
'peter'[:-1]@petertodd.org
000000000000001882c602178bd4dc6501ecd65db1e1380224be98c923043c07
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2013-05-06 16:37 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-06 14:58 [Bitcoin-development] Discovery/addr packets (was: Service bits for pruned nodes) Mike Hearn
2013-05-06 16:12 ` Peter Todd
2013-05-06 16:20 ` Jeff Garzik
2013-05-06 16:34 ` Mike Hearn
2013-05-06 16:37 ` Peter Todd [this message]
2013-05-06 16:47 ` Mike Hearn
2013-05-06 17:19 ` Peter Todd
2013-05-06 17:25 ` Jeff Garzik
2013-05-06 17:42 ` Gregory Maxwell
2013-05-06 17:53 ` Peter Todd
2013-05-06 18:01 ` Gregory Maxwell
2013-05-06 18:19 ` Peter Todd
2013-05-06 18:32 ` Adam Back
2013-05-06 19:08 ` Peter Todd
2013-05-06 19:50 ` Adam Back
2013-05-06 20:43 ` Peter Todd
2013-05-06 23:44 ` Peter Todd
2013-05-07 9:00 ` Mike Hearn
2013-05-09 0:57 ` John Dillon
2013-05-06 18:04 ` Adam Back
2013-05-06 18:25 ` Gregory Maxwell
2013-05-06 22:51 ` [Bitcoin-development] limits of network hacking/netsplits (was: Discovery/addr packets) Adam Back
2013-05-06 23:13 ` Gregory Maxwell
2013-05-07 4:48 ` Petr Praus
2013-05-07 21:07 ` Matt Corallo
2013-05-07 9:17 ` Mike Hearn
2013-05-07 11:07 ` Adam Back
2013-05-07 12:04 ` Mike Hearn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130506163732.GB5193@petertodd.org \
--to=pete@petertodd.org \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=jgarzik@exmulti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox