Good quote.
“This paired with the high likelihood that ION DIDs will almost always be resolved by ION nodes instead of clients/light wallets manually doing what an ION node does for you sort of nullifies / diminishes the censorship resistance provided by the anchor to Bitcoin.”
Thanks Moe.
We cannot rely on a prevalence of honest ION nodes as a form of security because it creates the risk of an ION Sybil attack. The proof a user receives must prove that the URL is not registered to anyone else, like it does in ENS.
Unlike ENS, an ION node could omit previous registrations of a custom URL and deliver valid proofs of a new on-chain registration. This means an attacker could perform URL spoofing on users with a mere ION node Sybil attack and a few bitcoin transactions, unlike the extremely costly 51% attack required for URL spoofing in ENS.
In ENS, full-nodes can’t perform this trick without launching a 51% attack because users receive a Patricia-Merkle proof from full-nodes that verifies the current state of the domain registry. ION trade-offs aren’t worth the risks.
/ Colby Serpa 🧬
npub1t8…ra5h9
2023-03-19 18:01:01
in reply to nevent1q…laxr
Author Public Key
npub1t89vhkp66hz54kga4n635jwqdc977uc2crnuyddx7maznwfrpupqwra5h9Published at
2023-03-19 18:01:01Event JSON
{
"id": "87f7df15935516ec16867a9784a0c0b44348bf8ad4d6d5e837bdb79c65b1e7b1",
"pubkey": "59cacbd83ad5c54ad91dacf51a49c06e0bef730ac0e7c235a6f6fa29b9230f02",
"created_at": 1679245261,
"kind": 1,
"tags": [
[
"e",
"6e1828963340f8c865c863be2d7cb984f8eb43fe6ddad32b3ecf8f5846345810",
""
],
[
"e",
"56ac3d5046bbed1eef9da43cba0c22ae15147485412db3304d45d5a38ca98eee"
],
[
"p",
"b9003833fabff271d0782e030be61b7ec38ce7d45a1b9a869fbdb34b9e2d2000"
],
[
"p",
"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
],
[
"p",
"dbf3d7c79a92995ccfb135997ac1612f41637c8a805be393204b3d1c2769d127"
]
],
"content": "Good quote.\n\n“This paired with the high likelihood that ION DIDs will almost always be resolved by ION nodes instead of clients/light wallets manually doing what an ION node does for you sort of nullifies / diminishes the censorship resistance provided by the anchor to Bitcoin.”\nThanks Moe.\n\nWe cannot rely on a prevalence of honest ION nodes as a form of security because it creates the risk of an ION Sybil attack. The proof a user receives must prove that the URL is not registered to anyone else, like it does in ENS. \n\nUnlike ENS, an ION node could omit previous registrations of a custom URL and deliver valid proofs of a new on-chain registration. This means an attacker could perform URL spoofing on users with a mere ION node Sybil attack and a few bitcoin transactions, unlike the extremely costly 51% attack required for URL spoofing in ENS.\n\nIn ENS, full-nodes can’t perform this trick without launching a 51% attack because users receive a Patricia-Merkle proof from full-nodes that verifies the current state of the domain registry. ION trade-offs aren’t worth the risks.",
"sig": "ce3ff1f43a21c601c33ae9d7a2f46245fa165c9689ba9dfe2c395604aa7db51babbed09d4416ee4fc34b1becb59e11ff01b2743b73c1eb65f7983b95947254ab"
}