Author: Gregory Maxwell 2014-07-21 20:19:19
Published on: 2014-07-21T20:19:19+00:00
In a discussion about the weaknesses of dnsseeds, Peter Todd suggested writing an "Expectations for DNSSeed users" document outlining their security properties and possible attacks. He also agreed that seeds offering authenticated and encrypted connections would be more beneficial to users, especially if they are using authed/encrypted connections to nodes such as Tor hidden services. Todd suggested having a separate onionseed process for hosts that can reach hidden services, which would be inherently authenticated and somewhat more anonymous. Regarding the DNSseed results, Todd was deliberately vague to avoid foreclosing reasonable activities like omitting nodes that are uselessly slow, diverged from the network, or running very old software. However, he suggested that if the purpose of connecting users to functioning nodes is clear, it's probably okay. Singling out a group of hosts to receive different results with DNS is difficult since it usually involves singling out different ISPs rather than hosts themselves. Todd also noted that while there have been suggestions to use testnet seeds for testing vulnerabilities, the public discussion clause should suffice to allow those exceptions.
Updated on: 2023-05-19T19:09:52.204713+00:00