Author: Cameron Garnham 2016-06-28 22:33:35
Published on: 2016-06-28T22:33:35+00:00
The discussion revolves around two topics: link-level security and node-level security. Link-level security requires encryption and authentication, while node-level security requires identity authentication. The 'evil node' attack needs an identity system to stop it, but BIP151 does not intend to protect against connecting to evil Bitcoin nodes. It is important not to mixup link-level authentication and node-level authentication. When clients pick random nodes to connect to, they are not concerned with who runs them, rather that they have a good random sample of the network. For manually adding a friend's node, node-level authentication may be necessary, which should happen out-of-band. The writer argues that unauthenticated link-level encryption is not enough to prevent MITM attacks in Bitcoin, as peers can connect to attackers directly or accept connections directly from them. Stopping passive attacks is the low hanging fruit, but automated and secure peer authentication in a mesh network remains an unsolved problem in computer science. The implementation of widespread authentication using secure side channels could solve this issue. However, getting unauthenticated encryption first would force attackers to use active attacks that are thousands of times more costly to conduct.In response to Eric Voskuil's statement that an "out of band key check" is not part of BIP151, Gregory Maxwell points out that it has a session ID for this purpose. While BIP151 does not provide tools to detect an attack that requires authentication, one might wonder how Bitcoin addresses are used or why these emails from "you" aren't actually coming from the NSA.
Updated on: 2023-06-11T18:59:31.929374+00:00