📅 Original date posted:2016-03-24
📝 Original message:On Wednesday, March 23, 2016 3:24:12 PM Jonas Schnelli via bitcoin-dev wrote:
> I have just PRed a draft version of two BIPs I recently wrote.
> https://github.com/bitcoin/bips/pull/362
In the future, please submit BIP drafts to the mailing list for comment and
initial peer review before opening a pull request (or requesting a BIP number
assignment), per BIP 1.
> Each peer that supports p2p authentication, must provide two user editable
> databases (can be a simple record-per-line file).
As long as the format of these databases is not standardised, it seems
inappropriate to define *any* of this implementation detail in a BIP.
> A peer can send an authenticate message by wrapping the desired message into
> an <code>auth</code>-message-wrapper to the remote peer.
How does a peer know what messages the other peer requires to be
authenticated?
> 33bytes || identity-pubkey || comp.-pubkey || The identity pubkey of the
> requesting peer
Seems a waste to include this with every single [authenticated] message...
> 8bytes || auth-msg-id || int64 || up-counting auth-msg-id (0 to INT64MAX)
Is this required to persist across connections/restarts/possibly complete
reinstalls?
Can the same auth-msg-id be used for multiple peers, so a message can be
signed once and sent to all N peers?
> Responding peers must ignore (banning would lead to fingerprinting) the
> requesting peer after 5 unsuccessfully authentication tries to avoid
> resource attacks.
How does banning in this specific case enable fingerprinting as opposed to any
other banning?
> The peers should display the identity-pubkey as a identity-address to the
> users, which is a base58-check encoded ripemd160(sha256) hash.
If this is going to become a general-purpose identity system, I think more is
needed than a simple EC keypair. At the very least, it should probably use a
HD chain and use a new key for every signature (notice you already have auth-
msg-id to use with this!).
> This proposal is backward compatible. Non supporting peers will ignore the
> <code>auth</code> message.
... and not process it at all? How is that backward compatible?
> Encrypting traffic between peers is already possible with VPN, tor, stunnel,
> curveCP or any other encryption mechanism on a deeper OSI level, however,
> most mechanism are not practical for SPV or other DHCP/NAT environment and
> will require significant knowhow in how to setup a secure channel.
I don't see how Tor fails this criteria...
> The responding peer will set a session timeout time-interval. The default
> must be 1'800 seconds.
What default? Is the timeout field optional? Why not simply require it?
> This proposal is backward compatible. Non supporting peers will ignore the
> <code>enc*</code> messages.
How should the supporting peer handle the message being ignored?
Luke
Luke Dashjr [ARCHIVE] /
npub1tf…rfq0n
2023-06-07 19:49:59
in reply to nevent1q…z8wu
Author Public Key
npub1tfk373zg9dnmtvxnpnq7s2dkdgj37rwfj3yrwld7830qltmv8qps8rfq0nPublished at
2023-06-07 19:49:59Event JSON
{
"id": "f74aa8ef7949b1a629d7e904f823086cc46fba1ad7388bdc39ea27328fedca5f",
"pubkey": "5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803",
"created_at": 1686160199,
"kind": 1,
"tags": [
[
"e",
"1c87d471b2f2da141b64e0a9c480b3ca53986e57331a196cd0234d6c8fb75484",
"",
"root"
],
[
"e",
"f7ac7b4871a120924d70883e0a1c9a330953839428bbed666d8b230217f5b547",
"",
"reply"
],
[
"p",
"4b38603408f5be002091210e869a4ca86fc2aa1ffd0871036a0668068ee626ee"
]
],
"content": "📅 Original date posted:2016-03-24\n📝 Original message:On Wednesday, March 23, 2016 3:24:12 PM Jonas Schnelli via bitcoin-dev wrote:\n\u003e I have just PRed a draft version of two BIPs I recently wrote.\n\u003e https://github.com/bitcoin/bips/pull/362\n\nIn the future, please submit BIP drafts to the mailing list for comment and \ninitial peer review before opening a pull request (or requesting a BIP number \nassignment), per BIP 1.\n\n\u003e Each peer that supports p2p authentication, must provide two user editable\n\u003e databases (can be a simple record-per-line file).\n\nAs long as the format of these databases is not standardised, it seems \ninappropriate to define *any* of this implementation detail in a BIP.\n\n\u003e A peer can send an authenticate message by wrapping the desired message into\n\u003e an \u003ccode\u003eauth\u003c/code\u003e-message-wrapper to the remote peer.\n\nHow does a peer know what messages the other peer requires to be \nauthenticated?\n\n\u003e 33bytes || identity-pubkey || comp.-pubkey || The identity pubkey of the\n\u003e requesting peer\n\nSeems a waste to include this with every single [authenticated] message...\n\n\u003e 8bytes || auth-msg-id || int64 || up-counting auth-msg-id (0 to INT64MAX)\n\nIs this required to persist across connections/restarts/possibly complete \nreinstalls?\n\nCan the same auth-msg-id be used for multiple peers, so a message can be \nsigned once and sent to all N peers?\n\n\u003e Responding peers must ignore (banning would lead to fingerprinting) the\n\u003e requesting peer after 5 unsuccessfully authentication tries to avoid\n\u003e resource attacks.\n\nHow does banning in this specific case enable fingerprinting as opposed to any \nother banning?\n\n\u003e The peers should display the identity-pubkey as a identity-address to the\n\u003e users, which is a base58-check encoded ripemd160(sha256) hash.\n\nIf this is going to become a general-purpose identity system, I think more is \nneeded than a simple EC keypair. At the very least, it should probably use a \nHD chain and use a new key for every signature (notice you already have auth-\nmsg-id to use with this!).\n\n\u003e This proposal is backward compatible. Non supporting peers will ignore the\n\u003e \u003ccode\u003eauth\u003c/code\u003e message.\n\n... and not process it at all? How is that backward compatible?\n\n\u003e Encrypting traffic between peers is already possible with VPN, tor, stunnel,\n\u003e curveCP or any other encryption mechanism on a deeper OSI level, however, \n\u003e most mechanism are not practical for SPV or other DHCP/NAT environment and\n\u003e will require significant knowhow in how to setup a secure channel.\n\nI don't see how Tor fails this criteria...\n\n\u003e The responding peer will set a session timeout time-interval. The default\n\u003e must be 1'800 seconds.\n\nWhat default? Is the timeout field optional? Why not simply require it?\n\n\u003e This proposal is backward compatible. Non supporting peers will ignore the\n\u003e \u003ccode\u003eenc*\u003c/code\u003e messages.\n\nHow should the supporting peer handle the message being ignored?\n\nLuke",
"sig": "3fbb266c7864117c887a8608fe507257279d4ba50745ed95713df462dce6f552e12133ee9fc29804b158b65faf06e4eff07f5da6e51a4699394507eba020e11d"
}