public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Eric Voskuil <eric@voskuil.org>
To: John Hardy <john@seebitcoin.com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Unique node identifiers
Date: Tue, 7 Mar 2017 10:44:07 -0800	[thread overview]
Message-ID: <D4B674DB-8F2E-4AA1-B271-FEE02A62A274@voskuil.org> (raw)
In-Reply-To: <BL2PR03MB435029A0856DC7077D4AD68EE2D0@BL2PR03MB435.namprd03.prod.outlook.com>

[-- Attachment #1: Type: text/plain, Size: 4707 bytes --]


> On Mar 5, 2017, at 5:57 AM, John Hardy via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> > Nodes are by design not supposed to be identifiable in any way

This is of course my objection to BIP150 ("a way for peers to ... guarantee node ownership").

> I feel you're conflating social identifiability with technical identifiability. Sure, a node operator must always be able to remain anonymous, but nodes themselves require a certain level of identifiability otherwise there would be no means to communicate between them.

Anonymous node identity is pointless, and is why I object to BIP151. It provides no actual security/privacy benefit and is a stepping stone to non-anonymous node identity (e.g. BIP150).

> I agree that absolute node counts have their limitations, but that doesn't stop them being used as a measure and even propaganda tool. If something like this is a way to help highlight the latter when it is occurring I think it has value. I 'm not convinced that node identifiers or identity persistence would have any meaningful impact on privacy, though am open to being convinced otherwise.

Bitcoin does not require node counts, and this proposal is redundant with BIP150.

e

> 
> From: Btc Drak <btcdrak@gmail.com>
> Sent: Sunday, March 5, 2017 1:27 PM
> To: John Hardy; Bitcoin Protocol Discussion
> Subject: Re: [bitcoin-dev] Unique node identifiers
>  
> Nodes are by design not supposed to be identifiable in any way, including persisting identities across IPs changes or when connecting over different networks (e.g. clearnet/tor). Anything that makes Bitcoin less private is a step backwards. Also absolute node count is pretty meaningless since only fully validating nodes that participate in economic activity really matter.
> 
> As a side note, this should probably have started out as a bitcoin-discuss post.
> 
>> On Sat, Mar 4, 2017 at 4:04 PM, John Hardy via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> The discussion of UASF got me thinking about whether such a
>>  method might lead to sybil attacks, with new nodes created purely to inflate the node count for a particular implementation in an attempt at social engineering.
>> 
>> I had an idea for an anonymous, opt-in, unique node identification
>>  mechanism to help counter this.
>> 
>> This would give every node the opportunity to create a node
>>  ‘address’/unique identifier. This could even come in the form of a Bitcoin address.
>> 
>> The node on first installation generates and backs up a private
>>  key. The corresponding public key becomes that node’s unique identifier. If the node switches to a new software version or a new IP, the identifier can remain constant if the node operator chooses.
>> 
>> Asking a node for its identifier can be done by sending a message
>>  the command ‘identify’ and a challenge. The node can then respond with its unique identifier and a signature for the challenge to prove it. The node can also include what software it is running and sign this information so it can be verified as legitimate
>>  by third parties.
>> 
>> Why would we do this?
>> 
>> Well, it adds a small but very useful piece of data when compiling
>>  lists of active nodes.
>> 
>> Any register of active nodes can have a record of when a node
>>  identifier was “first seen”, and how many IPs the same identifier has broadcast from. Also, crucially, we could see what software the node operator has been seen running historically.
>> 
>> This information would make it easy to identify patterns. For
>>  example if a huge new group of nodes appeared on the network with no history for their identifier they could likely be dismissed as sybil attacks. If a huge number of nodes that had been reporting as Bitcoin Core for an extended period of time started switching
>>  to a rival implementation, this would add credibility but not certainty (keys could be traded), that the shift was more organic.
>> 
>> This would be trivial to implement, is (to me?) non-controversial,
>>  and would give a way for a node to link itself to a pseudo-anonymous identity, but with the freedom to opt-out at any time.
>> 
>> Keen to hear any thoughts?
>> 
>> Thanks,
>> 
>> John Hardy
>> john@seebitcoin.com
>> 
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>> 
> 
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[-- Attachment #2: Type: text/html, Size: 10365 bytes --]

  reply	other threads:[~2017-03-07 18:44 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-04 16:04 [bitcoin-dev] Unique node identifiers John Hardy
2017-03-05  6:29 ` Marcel Jamin
2017-03-05 12:55   ` John Hardy
2017-03-05 13:27 ` Btc Drak
2017-03-05 13:57   ` John Hardy
2017-03-07 18:44     ` Eric Voskuil [this message]
2017-03-08  2:01       ` bfd
2017-03-08 19:47       ` Jonas Schnelli
2017-03-08 21:09         ` Eric Voskuil
2017-03-08 21:20           ` Jonas Schnelli
2017-03-08 23:12             ` Pieter Wuille
     [not found]               ` <6a5a6a8f-d689-260a-76a9-a91f6bda56c5@voskuil.org>
2017-03-09  1:55                 ` Pieter Wuille
2017-03-09 11:01                   ` Aymeric Vitte
2017-03-09  1:08             ` Eric Voskuil
2017-03-08 21:25         ` [bitcoin-dev] Unique node identifiers (and BIP150) Tom Zander
2017-03-08 21:31           ` Jonas Schnelli
     [not found] <7c5020dd-5259-9954-7bf1-06fa98124f8f@voskuil.org>
2017-03-22  0:04 ` [bitcoin-dev] Unique node identifiers Eric Voskuil

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D4B674DB-8F2E-4AA1-B271-FEE02A62A274@voskuil.org \
    --to=eric@voskuil.org \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=john@seebitcoin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox