Michael Hendricks [ARCHIVE] on Nostr: π Original date posted:2013-07-23 π Original message:On Tue, Jul 23, 2013 at ...
π
Original date posted:2013-07-23
π Original message:On Tue, Jul 23, 2013 at 4:36 AM, Pieter Wuille <pieter.wuille at gmail.com>wrote:
> Apart from that, exposing this HTTP-based interface publicly has its
> own problems, like security risks and potential DoS risks. If
> anything, we should be reducing the attack surface rather than
> increase it. IMHO, the only thing that should be exposed in the P2P
> protocol, which is inevitable, and already has some DoS protections.
>
> I like this HTTP interface, but it should really only be used for
> trusted local applications and debugging.
>
We already have a good private HTTP interface. Most benefits of this REST
interface come from exposing it publicly. As always, the challenge is
balancing costs and benefits. I'm not confident that either can be known
with certainty until a well-written prototype is running in the wild. As
some nodes expose this interface, we'll gain concrete experience from which
node operators can make informed security trade offs.
--
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130723/8d1b3f10/attachment.html>
π Original message:On Tue, Jul 23, 2013 at 4:36 AM, Pieter Wuille <pieter.wuille at gmail.com>wrote:
> Apart from that, exposing this HTTP-based interface publicly has its
> own problems, like security risks and potential DoS risks. If
> anything, we should be reducing the attack surface rather than
> increase it. IMHO, the only thing that should be exposed in the P2P
> protocol, which is inevitable, and already has some DoS protections.
>
> I like this HTTP interface, but it should really only be used for
> trusted local applications and debugging.
>
We already have a good private HTTP interface. Most benefits of this REST
interface come from exposing it publicly. As always, the challenge is
balancing costs and benefits. I'm not confident that either can be known
with certainty until a well-written prototype is running in the wild. As
some nodes expose this interface, we'll gain concrete experience from which
node operators can make informed security trade offs.
--
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130723/8d1b3f10/attachment.html>