From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W3k8b-00084x-GW for bitcoin-development@lists.sourceforge.net; Thu, 16 Jan 2014 10:25:25 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.174 as permitted sender) client-ip=209.85.214.174; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f174.google.com; Received: from mail-ob0-f174.google.com ([209.85.214.174]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W3k8Z-0001QW-Ka for bitcoin-development@lists.sourceforge.net; Thu, 16 Jan 2014 10:25:25 +0000 Received: by mail-ob0-f174.google.com with SMTP id wo20so2501781obc.5 for ; Thu, 16 Jan 2014 02:25:18 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.60.65.5 with SMTP id t5mr6341553oes.19.1389867918257; Thu, 16 Jan 2014 02:25:18 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.76.99.112 with HTTP; Thu, 16 Jan 2014 02:25:18 -0800 (PST) In-Reply-To: References: <5747D5DF-879B-4A60-8BD6-18251E7D5F47@plan99.net> Date: Thu, 16 Jan 2014 11:25:18 +0100 X-Google-Sender-Auth: VdZzdqEFSuw9Dx6HSxwTjqpCKXw Message-ID: From: Mike Hearn To: Brooks Boyd Content-Type: multipart/alternative; boundary=001a11c1d6a88d772f04f013d747 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1W3k8Z-0001QW-Ka Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Tor / SPV X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2014 10:25:25 -0000 --001a11c1d6a88d772f04f013d747 Content-Type: text/plain; charset=UTF-8 Yes correct, using hidden services just as a kind of more complicated, out of process/sandboxable SSL. > would the overall transactions/second the Bitcoin network could handle go > down? > If all nodes talked to each other all the time over Tor, probably yes because Bitcoin is quite sensitive to latency. But what I'm proposing here is less ambitious. It's just about protecting (parts of) end-user-to-network communication, which is a much less risky sort of change. P2P nodes would still talk to each other in the clear. SSL for everything is still an idea I like, but it's true that increasing bitcoind attack surface area is not something to take lightly. Considering that the clearnet sybil protection also relies on scaling > up the resource requirements for an attacker, why not require hidden > service addresses following a certain pattern, like a fixed prefix? I'm sure we can come up with all kinds of neat anti-sybil techniques, but IMHO they are separate projects. I'm trying to find an upgrade that's small enough to be easily switched on by default for lots of users, today, that is low risk for the network overall. Later on we can add elaborations. The SPV node could connect to the IP using Tor. It would preserve the > privacy of the SPV node - hard to see it's running Bitcoin. It also > reduces the ability of an attacker to MITM because the routing varies > with each exit node. Right so the key question is, to what extent does Tor open you up to MITM attacks? I don't have a good feel for this. I read about exit nodes routinely doing very naughty things, but I don't know how widespread that is. Probably you're right that with random selection of exits you're not excessively likely to get MITMd. How does Tor itself manage anti-sybil? I know they have the directory consensus and they measure nodes to ensure they're delivering the resources they claim to have. Punting anti-sybil up to the Tor people and letting them worry about it is quite an attractive idea. --001a11c1d6a88d772f04f013d747 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Yes correct, using hidden services just as a kind of more complicated, out= of process/sandboxable SSL.
=C2=A0
would the overall transactions/= second the Bitcoin network could handle go down?

If all nodes talked to each other all the time over Tor, = probably yes because Bitcoin is quite sensitive to latency. But what I'= m proposing here is less ambitious. It's just about protecting (parts o= f) end-user-to-network communication, which is a much less risky sort of ch= ange. P2P nodes would still talk to each other in the clear.

SSL for everything is still an idea I like, but it'= s true that increasing bitcoind attack surface area is not something to tak= e lightly.

Considering that the clearnet sybil protection also relies on scaling
up= the resource requirements for an attacker, why not require hidden
servi= ce addresses following a certain pattern, like a fixed prefix?

I'm sure we can come up with all kinds of nea= t anti-sybil techniques, but IMHO they are separate projects. I'm tryin= g to find an upgrade that's small enough to be easily switched on by de= fault for lots of users, today, that is low risk for the network overall. L= ater on we can add elaborations.

The SPV node could connect to the IP us= ing Tor. =C2=A0It would preserve the
privacy of the SPV node - hard to see it's running Bitcoin. = =C2=A0It also
reduces the ability of an attacker to MITM beca= use the routing varies
with each exit node.

Righ= t so the key question is, to what extent does Tor open you up to MITM attac= ks? =C2=A0I don't have a good feel for this. I read about exit nodes ro= utinely doing very naughty things, but I don't know how widespread that= is. Probably you're right that with random selection of exits you'= re not excessively likely to get MITMd.

How does Tor itself manage anti-sybil? I know they have= the directory consensus and they measure nodes to ensure they're deliv= ering the resources they claim to have. Punting anti-sybil up to the Tor pe= ople and letting them worry about it is quite an attractive idea.

--001a11c1d6a88d772f04f013d747--