Author: Eric Voskuil 2016-06-28 23:29:10
Published on: 2016-06-28T23:29:10+00:00
The discussion revolves around two different types of security measures: link-level security and node-level security. Link-level security requires encryption and authentication, while the second type requires identity authentication. The concern is raised that BIP151 doesn't intend to protect against connecting to evil Bitcoin nodes. It is important not to mix up link-level authentication and node-level authentication. When a client picks random nodes to connect to, it's not necessary to know who runs them, but when manually adding a friend's node, node-level authentication should be considered out-of-band. The need for automated and secure peer authentication in a mesh network is discussed as one of the unsolved problems in computer science. The implication of widespread authentication is at issue, and ways to implement it using secure side channels are explored. However, it is suggested to first get unauthenticated encryption and force attackers to use active attacks, which are thousands of times more costly to conduct. The session ID provided by BIP151 can be used for an "out of band key check." Finally, the email exchange highlights the general requirement for authentication.
Updated on: 2023-06-11T18:59:40.511220+00:00
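The "out of band key check" mentioned in the summary, as an added example that is not code from the thread or from BIP151: both peers derive a session ID from the negotiated secret and compare it over a separate channel, and the IDs only match when no relay sits in the middle of the key exchange. The finite-field Diffie-Hellman group, the HKDF labels and all function names are assumptions chosen for illustration, not BIP151's actual curve or parameters.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group standing in for the real key agreement (assumption).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def hkdf_sha256(ikm, salt, info, length=32):
    # RFC 5869 extract-then-expand.
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_id(secret):
    # Salt and info labels are constructed for this example.
    return hkdf_sha256(secret, b"example-salt", b"example-session-id").hex()

def direct_session():
    """Both peers exchange public keys without interference."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return session_id(shared_secret(a_priv, b_pub)), session_id(shared_secret(b_priv, a_pub))

def relayed_session():
    """A relay swaps in its own public key, so each peer keys with the relay."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub = keypair()
    return session_id(shared_secret(a_priv, m_pub)), session_id(shared_secret(b_priv, m_pub))

def out_of_band_check(local_id, id_reported_by_peer):
    """Compare the local session ID with the one the peer reports over a side channel."""
    return hmac.compare_digest(local_id, id_reported_by_peer)
```

The check says nothing about who operates the peer; it only shows that the encrypted link ends at the party on the side channel, which is the link-level versus node-level distinction drawn in the summary.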