Author: Eric Voskuil 2016-06-28 23:34:33
Published on: 2016-06-28T23:34:33+00:00
The discussion is about whether BIP151 provides tools to detect an attack. Passing the session ID out of band is authentication and not part of BIP151, hence not providing tools for detecting an attack. Users can compare session IDs via other communication channels after the fact and discover if they were or are being MITMed. However, a secure channel is required for this which is not provided by BIP151. A bitcoin address needs to be sent over a secure channel, which is not provided in P2P protocol that is not encrypted or authenticated. Posting transactions to the network is a client-server scenario and the set of transactions arriving at an arbitrary node, including the order of arrival, is public information. Encryption, authentication, and Tor cannot prevent timing attacks against a person posting transactions to the network unless the entire network is "secured".
Updated on: 2023-06-11T18:58:13.079772+00:00