Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2014-08-19 📝 Original message:On Tue, Aug 19, 2014 at ...
📅 Original date posted:2014-08-19
📝 Original message:On Tue, Aug 19, 2014 at 4:39 PM, Justus Ranvier
<justusranvier at riseup.net> wrote:
> While the rest of the 'net is busy deprecating HTTP and all other
> unencrypted transport methods, why is it(*) even a debate?
I think it's desirable (and you can go look in #bitcoin-dev logs for
me talking about it in the past)— but all of engineering is
tradeoffs... and the ones involved here don't make it a high priority
in my book, esp when people should be using Bitcoin over tor in any
case, which provides better privacy and also covers encrypt + auth.
In general I think authentication is more important than encryption,
since authentication is table stakes required for a number of
anti-partitioning-attack measures. My past thinking on opportunistic
encryption is that once you're authenticating also encrypting would be
fairly little work, but it should be auth that drives that kind of
effort.
📝 Original message:On Tue, Aug 19, 2014 at 4:39 PM, Justus Ranvier
<justusranvier at riseup.net> wrote:
> While the rest of the 'net is busy deprecating HTTP and all other
> unencrypted transport methods, why is it(*) even a debate?
I think it's desirable (and you can go look in #bitcoin-dev logs for
me talking about it in the past)— but all of engineering is
tradeoffs... and the ones involved here don't make it a high priority
in my book, esp when people should be using Bitcoin over tor in any
case, which provides better privacy and also covers encrypt + auth.
In general I think authentication is more important than encryption,
since authentication is table stakes required for a number of
anti-partitioning-attack measures. My past thinking on opportunistic
encryption is that once you're authenticating also encrypting would be
fairly little work, but it should be auth that drives that kind of
effort.