📅 Original date posted:2013-07-23 📝 Original message:On Tue, Jul 23, 2013 at ...

Pieter Wuille [ARCHIVE] /

npub1tje…tl6r

2023-06-07 15:05:01

in reply to nevent1q…23wl

📅 Original date posted:2013-07-23
📝 Original message:On Tue, Jul 23, 2013 at 12:29 PM, Andreas Schildbach
<andreas at schildbach.de> wrote:
> Yes, I understand that. For this reason, I would vote for adding the
> usual HTTP authentication/SSL stuff to the REST API. That way, SPV users
> can decide to run their own instance of the API (providing the needed
> resources themselves).
>
> Or, a trusted party can set up a server. For example, I would be willing
> to set it up for users of Bitcoin Wallet. I don't expect shitloads of
> paper wallets sweeps for the forseeable future.

I don't object to using a trusted server for this if people want that,
but I don't think the reference client should encourage this.

Apart from that, exposing this HTTP-based interface publicly has its
own problems, like security risks and potential DoS risks. If
anything, we should be reducing the attack surface rather than
increase it. IMHO, the only thing that should be exposed in the P2P
protocol, which is inevitable, and already has some DoS protections.

I like this HTTP interface, but it should really only be used for
trusted local applications and debugging.

--
Pieter

Author Public Key

npub1tjephawh7fdf6358jufuh5eyxwauzrjqa7qn50pglee4tayc2ntqcjtl6r

Show more details

Published at

2023-06-07 15:05:01

Kind type

1 Short Text Note

Event JSON

{ "id": "8b87934041f33e06a56078310d27e13dc240d0d561b2845a9a9eeb8798acc33a", "pubkey": "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6", "created_at": 1686150301, "kind": 1, "tags": [ [ "e", "2548e3bbd5806f0a91f1440e5be19b1893f723d052860cba20b98f557d042316", "", "root" ], [ "e", "f040b089875927a87e47729baaed5a6b8604ea59ba5a6ed70ba21c17b273724a", "", "reply" ], [ "p", "3215b3d77dff1f84eeb5ad46fb1206a8d1657b3ea765a80b5489ece3a702d2bc" ] ], "content": "📅 Original date posted:2013-07-23\n📝 Original message:On Tue, Jul 23, 2013 at 12:29 PM, Andreas Schildbach\n\u003candreas at schildbach.de\u003e wrote:\n\u003e Yes, I understand that. For this reason, I would vote for adding the\n\u003e usual HTTP authentication/SSL stuff to the REST API. That way, SPV users\n\u003e can decide to run their own instance of the API (providing the needed\n\u003e resources themselves).\n\u003e\n\u003e Or, a trusted party can set up a server. For example, I would be willing\n\u003e to set it up for users of Bitcoin Wallet. I don't expect shitloads of\n\u003e paper wallets sweeps for the forseeable future.\n\nI don't object to using a trusted server for this if people want that,\nbut I don't think the reference client should encourage this.\n\nApart from that, exposing this HTTP-based interface publicly has its\nown problems, like security risks and potential DoS risks. If\nanything, we should be reducing the attack surface rather than\nincrease it. IMHO, the only thing that should be exposed in the P2P\nprotocol, which is inevitable, and already has some DoS protections.\n\nI like this HTTP interface, but it should really only be used for\ntrusted local applications and debugging.\n\n-- \nPieter", "sig": "6acba6c8665298060793d3b5b7b6d6eb293366d75eb6774065b171505b7b181dbbeaee441403f6aafaab387149b5b80cbb4bd188dcaf4c8aac7e70f60bb61f4c" }