* [bitcoin-dev] BIP 151 MITM
@ 2016-06-08 23:47 Alfie John
2016-06-09 1:24 ` Gregory Maxwell
0 siblings, 1 reply; 5+ messages in thread
From: Alfie John @ 2016-06-08 23:47 UTC (permalink / raw)
To: bitcoin-dev
Hi folks,
Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
prevent someone between peers to suppress the initial 'encinit' message during
negotiation, causing both to fallback to plaintext?
Peers should negotiate a secure channel from the outset or backout entirely
with no option of falling back. This can be indicated loudly by the daemon
listening on an entirely new port.
Alfie
--
Alfie John
https://www.alfie.wtf
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] BIP 151 MITM
2016-06-08 23:47 [bitcoin-dev] BIP 151 MITM Alfie John
@ 2016-06-09 1:24 ` Gregory Maxwell
2016-06-09 1:42 ` Alfie John
0 siblings, 1 reply; 5+ messages in thread
From: Gregory Maxwell @ 2016-06-09 1:24 UTC (permalink / raw)
To: Alfie John, Bitcoin Protocol Discussion
On Wed, Jun 8, 2016 at 11:47 PM, Alfie John via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi folks,
>
> Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
> prevent someone between peers to suppress the initial 'encinit' message during
> negotiation, causing both to fallback to plaintext?
>
> Peers should negotiate a secure channel from the outset or backout entirely
> with no option of falling back. This can be indicated loudly by the daemon
> listening on an entirely new port.
Reduction to plaintext isn't an interesting attack vector for an
active attacker: they can simply impersonate the remote side.
This is addressed via authentication, where available, which is done
by a separate specification that builds on this one.
Without authentication this only provides protection against passive attackers.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] BIP 151 MITM
2016-06-09 1:24 ` Gregory Maxwell
@ 2016-06-09 1:42 ` Alfie John
2016-06-09 6:57 ` Jonas Schnelli
0 siblings, 1 reply; 5+ messages in thread
From: Alfie John @ 2016-06-09 1:42 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: Bitcoin Protocol Discussion
On Thu, Jun 09, 2016 at 01:24:09AM +0000, Gregory Maxwell wrote:
> Reduction to plaintext isn't an interesting attack vector for an active
> attacker: they can simply impersonate the remote side.
>
> This is addressed via authentication, where available, which is done by a
> separate specification that builds on this one.
Are there any links to discussions on how authentication may be done?
Thanks,
Alfie
--
Alfie John
https://www.alfie.wtf
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-06-09 7:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-08 23:47 [bitcoin-dev] BIP 151 MITM Alfie John
2016-06-09 1:24 ` Gregory Maxwell
2016-06-09 1:42 ` Alfie John
2016-06-09 6:57 ` Jonas Schnelli
2016-06-09 7:00 ` Alfie John
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox