📅 Original date posted:2014-08-08
📝 Original message:gmaxwell noted on IRC that enabling TLS could be functionally, if not
literally, a DoS on the pool servers. Hence the thought towards a
more lightweight method that simply prevents client payout redirection
+ server impersonation.
On Fri, Aug 8, 2014 at 5:53 AM, Mike Hearn <mike at plan99.net> wrote:
>> Certificate validation isn't needed unless the attacker can do a direct
>> MITM
>> at connection time, which is a lot harder to maintain than injecting a
>> client.reconnect.
>
>
> Surely the TCP connection will be reset once the route reconfiguration is
> completed, either by the MITM server or by the client TCP stack when it
> discovers the server doesn't know about the connection anymore?
>
> TLS without cert validation defeats the point, you can still be connected to
> a MITM at any point by anyone who can simply interrupt or corrupt the
> stream, forcing a reconnect.
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
Jeff Garzik [ARCHIVE] /
npub1kf…f3f58
2023-06-07 17:25:00
in reply to nevent1q…4ram
Author Public Key
npub1kf0ppcjaguxekg24yx6smgxlu73qn0k8lm0t2wrqc0scpl7u3sgsmf3f58Published at
2023-06-07 17:25:00Event JSON
{
"id": "7c6b12db7740e61d1c4eff7f26fc053834f9ae591a393ca035294a826e60d900",
"pubkey": "b25e10e25d470d9b215521b50da0dfe7a209bec7fedeb53860c3e180ffdc8c11",
"created_at": 1686151500,
"kind": 1,
"tags": [
[
"e",
"6cef07af0faac9707f80f8840d2c81c59eb26cce03afa7fdc1332a0b02a13efb",
"",
"root"
],
[
"e",
"d55360ba36df0e52337648640d342bbe7badda9c01d48fe714274e8c4dc05365",
"",
"reply"
],
[
"p",
"f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2"
]
],
"content": "📅 Original date posted:2014-08-08\n📝 Original message:gmaxwell noted on IRC that enabling TLS could be functionally, if not\nliterally, a DoS on the pool servers. Hence the thought towards a\nmore lightweight method that simply prevents client payout redirection\n+ server impersonation.\n\n\nOn Fri, Aug 8, 2014 at 5:53 AM, Mike Hearn \u003cmike at plan99.net\u003e wrote:\n\u003e\u003e Certificate validation isn't needed unless the attacker can do a direct\n\u003e\u003e MITM\n\u003e\u003e at connection time, which is a lot harder to maintain than injecting a\n\u003e\u003e client.reconnect.\n\u003e\n\u003e\n\u003e Surely the TCP connection will be reset once the route reconfiguration is\n\u003e completed, either by the MITM server or by the client TCP stack when it\n\u003e discovers the server doesn't know about the connection anymore?\n\u003e\n\u003e TLS without cert validation defeats the point, you can still be connected to\n\u003e a MITM at any point by anyone who can simply interrupt or corrupt the\n\u003e stream, forcing a reconnect.\n\u003e\n\u003e ------------------------------------------------------------------------------\n\u003e Want fast and easy access to all the code in your enterprise? Index and\n\u003e search up to 200,000 lines of code with a free copy of Black Duck\n\u003e Code Sight - the same software that powers the world's largest code\n\u003e search on Ohloh, the Black Duck Open Hub! Try it now.\n\u003e http://p.sf.net/sfu/bds\n\u003e _______________________________________________\n\u003e Bitcoin-development mailing list\n\u003e Bitcoin-development at lists.sourceforge.net\n\u003e https://lists.sourceforge.net/lists/listinfo/bitcoin-development\n\u003e\n\n\n\n-- \nJeff Garzik\nBitcoin core developer and open source evangelist\nBitPay, Inc. https://bitpay.com/",
"sig": "0e61fb381f767e3ea1653098eb006066d4a38716be3bb381017a55b6760c8d880018d547ad68eae930b8a84ad996e460ad88a057b135f1fefe14abafb39a527f"
}