Author: Mike Hearn 2013-05-06 16:47:22
Published on: 2013-05-06T16:47:22+00:00
The conversation revolves around securing node-to-node communication through encryption and signing. The threat of untrusted WiFi, which can lead to attackers getting hold of personal information, is discussed. The suggestion is made to make it clear in the UI that payments from untrusted people should not be accepted when connected to WiFi. However, the existing wording is fine when connected via a cell tower, as traffic is encrypted and authenticated by the network. To ensure secure communication, several iterations are proposed. In iteration 2, nodes would have keys that appear in addr broadcasts and seed data and would keep a running hash of all messages sent on a connection. A new protocol message would ask the node to sign the current accumulated hash. Not all messages would need to be signed, only those that require accuracy. In iteration 3, end-to-end encryption would be established through Tor or some other method of obfuscation. However, Tor is currently not usable in library form and connecting to hidden services is slow.
Updated on: 2023-06-06T16:10:48.449709+00:00