From: Jonas Schnelli
To: Eric Voskuil
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP 151
Date: Thu, 30 Jun 2016 14:43:07 +0200
Message-ID: <577513DB.60101@jonasschnelli.ch>
In-Reply-To: <426C2AA3-BFB8-4C41-B4DF-4D6CC11988B2@voskuil.org>
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

>>> The core problem posed by BIP151 is a MITM attack. The implied solution (BIP151 + authentication) requires that a peer trusts that another is not an attacker.
>>
>> BIP151 would increase the risks for MITM attackers.
>> What are the benefits for Mallory if he can't be sure Alice and Bob may
>> know that he is intercepting the channel?
>
> It is not clear to me why you believe an attack on privacy by an anonymous peer is detectable.

If Mallory has substituted the ephemeral keys in both directions, at the point where Alice and Bob will do an authentication, they can be sure Mallory is listening.

Simple dummy example:

1.) Encryption setup with ECDH with ephemeral keys after BIP151
2.) Mallory is MITMing the connection. He is substituting both directions with his own keys
3.) Connection is successfully MITMed
4.) Alice tells Bob "prove to me that you are Bob, please sign the session-ID with your identity key"
5.) Bob signs the sessionID (ECDH secret) with his identity key, which will be unusable for Mallory who has a substituted sessionID in both directions.
6.) Alice has successfully detected Mallory

Disclaimer: 4) and 5) are _not_ authentication proposals :-)
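The six steps above, carried through as an added worked example. This is not code from BIP 151, Bitcoin Core, or the message's author, and the function names (keygen, session_id, run_handshake, ...) are mine. To run offline it implements secp256k1 arithmetic directly and makes three simplifying assumptions that are not the BIP's exact construction: the session ID is SHA-256 of the shared ECDH point's x-coordinate, "sign the session-ID with your identity key" is a textbook Schnorr signature (not BIP 340 or any specific authentication proposal), and the symmetric encryption is left out because only key agreement and authentication matter for the detection argument. It also assumes Alice already holds an authentic copy of Bob's identity public key. The interesting output is the MITM run: Mallory does hold both session secrets (step 3), yet Bob's signature covers the session ID as Bob sees it, which differs from Alice's, so her verification fails (step 6).

```python
"""Toy reproduction of the BIP151 MITM-detection argument (added example).

Assumptions, not BIP 151's exact construction:
  * session ID = SHA-256 of the x-coordinate of the ECDH shared point
  * authentication = textbook Schnorr over secp256k1 (not BIP 340)
  * encryption omitted; Alice is assumed to know Bob's identity pubkey
"""
import hashlib
import secrets

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, q1):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return q1
    if q1 is None:
        return p1
    x1, y1 = p1
    x2, y2 = q1
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == q1:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def session_id(priv, peer_pub):
    """ECDH, then SHA-256 of the shared x-coordinate (assumption, see docstring)."""
    shared = scalar_mult(priv, peer_pub)
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()


def schnorr_sign(d, pub, msg):
    k = secrets.randbelow(N - 1) + 1
    r = scalar_mult(k, G)
    e = int.from_bytes(hashlib.sha256(encode(r) + encode(pub) + msg).digest(), "big") % N
    return r, (k + e * d) % N


def schnorr_verify(pub, msg, sig):
    r, s = sig
    e = int.from_bytes(hashlib.sha256(encode(r) + encode(pub) + msg).digest(), "big") % N
    return scalar_mult(s, G) == point_add(r, scalar_mult(e, pub))


def run_handshake(mitm):
    """Steps 1-6 of the message; returns what each party ends up knowing."""
    a, A = keygen()              # step 1: Alice's ephemeral key
    b, B = keygen()              # step 1: Bob's ephemeral key
    d_bob, P_bob = keygen()      # Bob's long-term identity key; Alice knows P_bob
    if mitm:
        # step 2: Mallory substitutes the ephemeral keys in both directions
        m_to_bob, M_to_bob = keygen()      # what Bob receives as "Alice's" key
        m_to_alice, M_to_alice = keygen()  # what Alice receives as "Bob's" key
        alice_sid = session_id(a, M_to_alice)
        bob_sid = session_id(b, M_to_bob)
        mallory_sids = {session_id(m_to_alice, A), session_id(m_to_bob, B)}
    else:
        alice_sid = session_id(a, B)
        bob_sid = session_id(b, A)
        mallory_sids = set()
    # steps 4-5: Bob signs the session ID *as Bob sees it* with his identity key
    sig = schnorr_sign(d_bob, P_bob, bob_sid)
    # step 6: Alice verifies that signature against the session ID *she* sees
    return {
        "channel_mitmed": mallory_sids == {alice_sid, bob_sid},  # step 3
        "session_ids_match": alice_sid == bob_sid,
        "alice_accepts_bob": schnorr_verify(P_bob, alice_sid, sig),
    }


if __name__ == "__main__":
    print("honest:", run_handshake(mitm=False))
    print("mitm:  ", run_handshake(mitm=True))
```

Running it prints one honest and one intercepted handshake. The caveat a practitioner should keep in mind is visible in the code: detection rests entirely on Alice holding an authentic P_bob before the handshake. Against a peer she has no prior identity key for, the signature check has nothing to anchor to, which is the case the quoted text is asking about.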