Author: Eric Voskuil 2016-06-28 23:31:19
Published on: 2016-06-28T23:31:19+00:00
The discussion started with a question about why encryption should be used, and the possible drawbacks of using it. False sense of security and tradeoffs against anonymity were some of the issues raised. The need for authentication was highlighted as necessary to make encryption effective against man-in-the-middle attacks. However, the distribution of public keys would require a trusted side channel. It was acknowledged that BIP151 would need authentication to accomplish its sole objective, but there could be multiple ways of sharing identity keys. The issue of trust on first use (TOFU) was discussed as a potential solution to the authentication problem. Encryption and laying groundwork for authentication are the main objectives of BIP151, but it is incomplete without authentication. There were concerns about the significant problem of control over who can use Bitcoin if widespread key distribution is implemented. The missing MITM protection was prominent in the BIP, and this highlighted the importance of authentication. Finally, there were discussions about the possibility of using preshared keys or GPG/Signal App to share identity keys, and the relevance of various internet of trust 2.0 proposals.
Updated on: 2023-06-11T18:57:34.675124+00:00