From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UZPQh-0001er-3L for bitcoin-development@lists.sourceforge.net; Mon, 06 May 2013 17:42:27 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.215.51 as permitted sender) client-ip=209.85.215.51; envelope-from=gmaxwell@gmail.com; helo=mail-la0-f51.google.com; Received: from mail-la0-f51.google.com ([209.85.215.51]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UZPQg-0001ux-44 for bitcoin-development@lists.sourceforge.net; Mon, 06 May 2013 17:42:27 +0000 Received: by mail-la0-f51.google.com with SMTP id ep20so3481255lab.24 for ; Mon, 06 May 2013 10:42:19 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.112.157.129 with SMTP id wm1mr2236941lbb.69.1367862139347; Mon, 06 May 2013 10:42:19 -0700 (PDT) Received: by 10.112.35.43 with HTTP; Mon, 6 May 2013 10:42:19 -0700 (PDT) In-Reply-To: <20130506171943.GA22505@petertodd.org> References: <20130506161216.GA5193@petertodd.org> <20130506163732.GB5193@petertodd.org> <20130506171943.GA22505@petertodd.org> Date: Mon, 6 May 2013 10:42:19 -0700 Message-ID: From: Gregory Maxwell To: Peter Todd Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1UZPQg-0001ux-44 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Discovery/addr packets (was: Service bits for pruned nodes) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 May 2013 17:42:27 -0000 On Mon, May 6, 2013 at 10:19 AM, Peter Todd wrote: >> running hash of all messages sent on a connection so far. Add a new >> protocol message that asks the node to sign the current accumulated >> hash. > We already depend on OpenSSL, why not just use standard SSL? SSL doesn't actually provide non-repudiation. We actually want non-repudiation. I want to be able to prove to others that some node deceived me. (there are a number of other arguments I could make against SSL, but that one is probably sufficient=E2=80=94 or rather, it's an argument that w= e should have some way of cheaply getting non-reputable signatures regardless of the transport) >> Last time I looked, Tor wasn't really usable in library form and >> connecting to hidden services is really slow. So it'd be an issue to >> just re-use it out of the box, I think. > For phone stuff you should work with The Guardian Project - they've > implemented Tor on Android among other things and want to find easier > ways for apps to use it. Also look into torchat, which bundles a special tor build and runs a hidden service. Because of services like Blockchain.info attacking the casual privacy users not using their webwallet service I've been thinking that even for clients that don't normally use tor their own transaction announcements should probably be made by bringing up a connection over tor and announcing. But thats another matter... I've switched to running on tor exclusively for my personal node (yay dogfooding) and I've found it to connect and sync up very fast most of the time. The biggest slowdown appears to be the our timeout on the tor connections is very high and so if it gets unlucky on the first couple attempts it can be minutes before it gets a connection. We're short on onion peers and I sometimes get inbound connections before I manage to get an outbound.