On Tue, Jun 28, 2016 at 10:29:54PM +0200, Eric Voskuil wrote: > > > > On Jun 28, 2016, at 10:14 PM, Peter Todd <p...@petertodd.org> wrote: > > > >> On Tue, Jun 28, 2016 at 08:35:26PM +0200, Eric Voskuil wrote: > >> Hi Peter, > >> > >> What in this BIP makes a MITM attack easier (or easy) to detect, or > >> increases the probability of one being detected? > > > > BIP151 gives users the tools to detect a MITM attack. > > > > It's kinda like PGP in that way: lots of PGP users don't properly check > > keys, > > PGP requires a secure side channel for transmission of public keys. How does > one "check" a key of an anonymous peer? I know you well enough to know you > wouldn't trust a PGP key received over an insecure channel. > > All you can prove is that you are talking to a peer and that communications > in the session remain with that peer. The peer can be the attacker. As Jonas > has acknowledged, authentication is required to actually guard against MITM > attacks.
Easy: anonymous peers aren't always actually anonymous. A MITM attacker can't easily distinguish communications between two nodes that randomly picked their peers, and nodes that are connected because their operators manually used -addnode to peer; in the latter case the operators can check whether or not they're being attacked with an out-of-band key check. -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: Digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev