Eric Voskuil via bitcoin-dev
2017-03-22 00:04:47 UTC
Reposting this response since this made it neither to distribution nor
to the moderation archive.
- -------- Forwarded Message --------
Subject: Re: [bitcoin-dev] Unique node identifiers
Date: Wed, 8 Mar 2017 18:59:42 -0800
that is at the heart of my concern (excluding people). It is this
"[same] except more secure" distinction that is the problem. You
brush past that as if it did not exist.
So you're saying that a -onlyacceptconnectionsfrom=IP option
wouldn't be a concern to you because it can't exclude people? Of
course it can exclude people - just not your ISP or a state-level
attacker.
You seem to look at this from only one perspective. Put yourself on the
other end of the wire (web wallets, APIs, exchanges, miners). Is an IP
address strong enough for them to prove to the state that they are
getting connections only from authorized "customers" that they know? Is
it sufficient for them that they may think they know their customer but
in reality it may be some ISP spoofing their customer (or some state)?
Obviously it is not sufficient, which is why IP addresses do not produce
this problem. They will need another mechanism, and BIP150 just happens
to be it.
an anonymous network of public information or it is a private network
(of private information). Too many arguments have been based on the idea
that the information is private (bloom filters, tainting). There are
anonymizing networks, Bitcoin P2P is not one of them.
Consensus rules exist to validate information obtained from the
anonymous public. That includes your ISP and the state. The rules
validate everything that matters except whether there is a stronger
chain - and seeing the strongest chain cannot be guaranteed by
encryption, unless of course we are all strongly tied to the majority
hash power and trust them.
Making the network private so that we can detect denial/disruption of
service is pointless if the the only threat is your own ISP or the state
.
decide whether it has been constructive and what to do with it. I hope
it is understood that I do not question the motivation of anyone involve
d.
connects to the more centralized network identifiable. The next step
doesn't even require a software change. A "bitcoin provider" will only
need to provide you a secret to use when connecting. And they have every
reason to want to control this access.
e
to the moderation archive.
- -------- Forwarded Message --------
Subject: Re: [bitcoin-dev] Unique node identifiers
Date: Wed, 8 Mar 2017 18:59:42 -0800
In that way, I see BIP150 as an extension of IP addresses,
except more secure against network-level attackers. If you
believe the concept of people establishing links along existing
trust lines is a problem, you should be arguing against
features in Bitcoin software that allows configuring preferred
IP addresses to connect to as well (-addnode and -connect in
Bitcoin Core, for example).
Weak identity is insufficient to produce the problem scenarioexcept more secure against network-level attackers. If you
believe the concept of people establishing links along existing
trust lines is a problem, you should be arguing against
features in Bitcoin software that allows configuring preferred
IP addresses to connect to as well (-addnode and -connect in
Bitcoin Core, for example).
that is at the heart of my concern (excluding people). It is this
"[same] except more secure" distinction that is the problem. You
brush past that as if it did not exist.
wouldn't be a concern to you because it can't exclude people? Of
course it can exclude people - just not your ISP or a state-level
attacker.
other end of the wire (web wallets, APIs, exchanges, miners). Is an IP
address strong enough for them to prove to the state that they are
getting connections only from authorized "customers" that they know? Is
it sufficient for them that they may think they know their customer but
in reality it may be some ISP spoofing their customer (or some state)?
Obviously it is not sufficient, which is why IP addresses do not produce
this problem. They will need another mechanism, and BIP150 just happens
to be it.
Please, Eric. I think I understand your concern,
I assume you do. The question is ultimately whether the P2P protocol isan anonymous network of public information or it is a private network
(of private information). Too many arguments have been based on the idea
that the information is private (bloom filters, tainting). There are
anonymizing networks, Bitcoin P2P is not one of them.
Consensus rules exist to validate information obtained from the
anonymous public. That includes your ISP and the state. The rules
validate everything that matters except whether there is a stronger
chain - and seeing the strongest chain cannot be guaranteed by
encryption, unless of course we are all strongly tied to the majority
hash power and trust them.
Making the network private so that we can detect denial/disruption of
service is pointless if the the only threat is your own ISP or the state
.
but this argument isn't constructive either.
I don't need to continue it, I've made my case. It's up to others todecide whether it has been constructive and what to do with it. I hope
it is understood that I do not question the motivation of anyone involve
d.
The proposal here is to introduce visible node identities on the
network. I think that's misguided as node count is irrelevant and
trivial to fake anyway.
Agreed.network. I think that's misguided as node count is irrelevant and
trivial to fake anyway.
I know that you equate the concept of having verifiable identity
keys in the P2P with a step towards making every node
identifiable,
There is no question that is a step toward making every person whokeys in the P2P with a step towards making every node
identifiable,
connects to the more centralized network identifiable. The next step
doesn't even require a software change. A "bitcoin provider" will only
need to provide you a secret to use when connecting. And they have every
reason to want to control this access.
e