On Tue, Jul 23, 2013 at 4:36 AM, Pieter Wuille <pieter.wuille@gmail.com> wrote:
> Apart from that, exposing this HTTP-based interface publicly has its
> own problems, like security risks and potential DoS risks. If
> anything, we should be reducing the attack surface rather than
> increasing it. IMHO, the only thing that should be exposed is the P2P
> protocol, which is inevitable, and already has some DoS protections.
>
> I like this HTTP interface, but it should really only be used for
> trusted local applications and debugging.

We already have a good private HTTP interface.  Most benefits of this REST interface come from exposing it publicly.  As always, the challenge is balancing costs and benefits.  I'm not confident that either can be known with certainty until a well-written prototype is running in the wild.  As some nodes expose this interface, we'll gain concrete experience from which node operators can make informed security trade-offs.

-- 
Michael