public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] BIP 151 MITM
@ 2016-06-08 23:47 Alfie John
  2016-06-09  1:24 ` Gregory Maxwell
  0 siblings, 1 reply; 5+ messages in thread
From: Alfie John @ 2016-06-08 23:47 UTC (permalink / raw)
  To: bitcoin-dev

Hi folks,

Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
prevent someone between peers to suppress the initial 'encinit' message during
negotiation, causing both to fallback to plaintext?

Peers should negotiate a secure channel from the outset or backout entirely
with no option of falling back. This can be indicated loudly by the daemon
listening on an entirely new port.

Alfie

-- 
Alfie John
https://www.alfie.wtf


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] BIP 151 MITM
  2016-06-08 23:47 [bitcoin-dev] BIP 151 MITM Alfie John
@ 2016-06-09  1:24 ` Gregory Maxwell
  2016-06-09  1:42   ` Alfie John
  0 siblings, 1 reply; 5+ messages in thread
From: Gregory Maxwell @ 2016-06-09  1:24 UTC (permalink / raw)
  To: Alfie John, Bitcoin Protocol Discussion

On Wed, Jun 8, 2016 at 11:47 PM, Alfie John via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi folks,
>
> Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
> prevent someone between peers to suppress the initial 'encinit' message during
> negotiation, causing both to fallback to plaintext?
>
> Peers should negotiate a secure channel from the outset or backout entirely
> with no option of falling back. This can be indicated loudly by the daemon
> listening on an entirely new port.

Reduction to plaintext isn't an interesting attack vector for an
active attacker: they can simply impersonate the remote side.

This is addressed via authentication, where available, which is done
by a separate specification that builds on this one.

Without authentication this only provides protection against passive attackers.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] BIP 151 MITM
  2016-06-09  1:24 ` Gregory Maxwell
@ 2016-06-09  1:42   ` Alfie John
  2016-06-09  6:57     ` Jonas Schnelli
  0 siblings, 1 reply; 5+ messages in thread
From: Alfie John @ 2016-06-09  1:42 UTC (permalink / raw)
  To: Gregory Maxwell; +Cc: Bitcoin Protocol Discussion

On Thu, Jun 09, 2016 at 01:24:09AM +0000, Gregory Maxwell wrote:
> Reduction to plaintext isn't an interesting attack vector for an active
> attacker: they can simply impersonate the remote side.
>
> This is addressed via authentication, where available, which is done by a
> separate specification that builds on this one.

Are there any links to discussions on how authentication may be done?

Thanks,

Alfie

-- 
Alfie John
https://www.alfie.wtf


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] BIP 151 MITM
  2016-06-09  1:42   ` Alfie John
@ 2016-06-09  6:57     ` Jonas Schnelli
  2016-06-09  7:00       ` Alfie John
  0 siblings, 1 reply; 5+ messages in thread
From: Jonas Schnelli @ 2016-06-09  6:57 UTC (permalink / raw)
  To: bitcoin-dev


[-- Attachment #1.1: Type: text/plain, Size: 957 bytes --]

Hi

> On Thu, Jun 09, 2016 at 01:24:09AM +0000, Gregory Maxwell wrote:
>> Reduction to plaintext isn't an interesting attack vector for an active
>> attacker: they can simply impersonate the remote side.
>>
>> This is addressed via authentication, where available, which is done by a
>> separate specification that builds on this one.
> 
> Are there any links to discussions on how authentication may be done?

I'm currently working on the Auth-BIP which is not worth reviewing it
right now (I will post it to the mailing list once it has been reached a
stable level where it can be discusses).

If you can't wait, here is the current work:
https://github.com/jonasschnelli/bips/blob/35d7e382cdd6955ff42726c3d06c44e33f61ae52/bip-undef-0.mediawiki


Most recent MITM/auth discussion (there where plenty of discussions on
IRC about this topic):
https://botbot.me/freenode/bitcoin-core-dev/2016-04-04/?msg=63463826&page=3


</jonas>


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] BIP 151 MITM
  2016-06-09  6:57     ` Jonas Schnelli
@ 2016-06-09  7:00       ` Alfie John
  0 siblings, 0 replies; 5+ messages in thread
From: Alfie John @ 2016-06-09  7:00 UTC (permalink / raw)
  To: Jonas Schnelli, Bitcoin Protocol Discussion

On Thu, Jun 09, 2016 at 08:57:29AM +0200, Jonas Schnelli via bitcoin-dev wrote:
> > Are there any links to discussions on how authentication may be done?
> 
> I'm currently working on the Auth-BIP which is not worth reviewing it
> right now (I will post it to the mailing list once it has been reached a
> stable level where it can be discusses).
> 
> If you can't wait, here is the current work:
> https://github.com/jonasschnelli/bips/blob/35d7e382cdd6955ff42726c3d06c44e33f61ae52/bip-undef-0.mediawiki
> 
> Most recent MITM/auth discussion (there where plenty of discussions on
> IRC about this topic):
> https://botbot.me/freenode/bitcoin-core-dev/2016-04-04/?msg=63463826&page=3

Awesome, thanks for the link Jonas.

Alfie

-- 
Alfie John
https://www.alfie.wtf


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-06-09  7:00 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-08 23:47 [bitcoin-dev] BIP 151 MITM Alfie John
2016-06-09  1:24 ` Gregory Maxwell
2016-06-09  1:42   ` Alfie John
2016-06-09  6:57     ` Jonas Schnelli
2016-06-09  7:00       ` Alfie John

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox