Peter Todd [ARCHIVE] on Nostr: đź“… Original date posted:2013-05-06 đź“ť Original message:On Mon, May 06, 2013 at ...
đź“… Original date posted:2013-05-06
đź“ť Original message:On Mon, May 06, 2013 at 10:42:19AM -0700, Gregory Maxwell wrote:
> On Mon, May 6, 2013 at 10:19 AM, Peter Todd <pete at petertodd.org> wrote:
> >> running hash of all messages sent on a connection so far. Add a new
> >> protocol message that asks the node to sign the current accumulated
> >> hash.
> > We already depend on OpenSSL, why not just use standard SSL?
>
> SSL doesn't actually provide non-repudiation. We actually want
> non-repudiation. I want to be able to prove to others that some node
> deceived me.
We don't have non-repudiation now, why make that a requirement for the
first version? Adding non-repudiation is something that has to happen at
the Bitcoin protocol level,(1) so it's orthogonal to using SSL to make sure
you're connection isn't being tampered with and is encrypted.
1) Non-repudiation is only useful with fraud proofs, and they will have
to be thought out for everything the node might claim.
> (there are a number of other arguments I could make against SSL, but
> that one is probably sufficient— or rather, it's an argument that we
> should have some way of cheaply getting non-reputable signatures
> regardless of the transport)
Exactly. Implement an SSL-protected transport, and leave non-repudiation
and broader issues of node identity as a later, long-term project. Many
client won't even want to support all that complexity, but they'll still
want to cheaply get the advantages SSL has with regard to MITM
resistance and privacy with little effort.
Anyway, the concept of a per-node identity keypair is the first step
towards non-repudiation, and implementing SSL transport.
> couple attempts it can be minutes before it gets a connection. We're
> short on onion peers and I sometimes get inbound connections before I
I run a fast node on EC2 that only accepts inbound connections over Tor
and I regularly have about ~50 inbound peers.
--
'peter'[:-1]@petertodd.org
0000000000000042d8b5bc3ca04847f711b82b66f08b7360a565ebd0b131621c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130506/6c9965dc/attachment.sig>;
đź“ť Original message:On Mon, May 06, 2013 at 10:42:19AM -0700, Gregory Maxwell wrote:
> On Mon, May 6, 2013 at 10:19 AM, Peter Todd <pete at petertodd.org> wrote:
> >> running hash of all messages sent on a connection so far. Add a new
> >> protocol message that asks the node to sign the current accumulated
> >> hash.
> > We already depend on OpenSSL, why not just use standard SSL?
>
> SSL doesn't actually provide non-repudiation. We actually want
> non-repudiation. I want to be able to prove to others that some node
> deceived me.
We don't have non-repudiation now, why make that a requirement for the
first version? Adding non-repudiation is something that has to happen at
the Bitcoin protocol level,(1) so it's orthogonal to using SSL to make sure
you're connection isn't being tampered with and is encrypted.
1) Non-repudiation is only useful with fraud proofs, and they will have
to be thought out for everything the node might claim.
> (there are a number of other arguments I could make against SSL, but
> that one is probably sufficient— or rather, it's an argument that we
> should have some way of cheaply getting non-reputable signatures
> regardless of the transport)
Exactly. Implement an SSL-protected transport, and leave non-repudiation
and broader issues of node identity as a later, long-term project. Many
client won't even want to support all that complexity, but they'll still
want to cheaply get the advantages SSL has with regard to MITM
resistance and privacy with little effort.
Anyway, the concept of a per-node identity keypair is the first step
towards non-repudiation, and implementing SSL transport.
> couple attempts it can be minutes before it gets a connection. We're
> short on onion peers and I sometimes get inbound connections before I
I run a fast node on EC2 that only accepts inbound connections over Tor
and I regularly have about ~50 inbound peers.
--
'peter'[:-1]@petertodd.org
0000000000000042d8b5bc3ca04847f711b82b66f08b7360a565ebd0b131621c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130506/6c9965dc/attachment.sig>;