Author: Peter Todd 2013-05-06 17:19:43
Published on: 2013-05-06T17:19:43+00:00
Mike Hearn, a developer, made suggestions for improving the security and privacy of Bitcoin transactions in May 2013. His first suggestion was to make it clear in the user interface (UI) that payments from untrusted sources should not be accepted if the phone is connected to Wi-Fi. He stated that the app needed to communicate the "may not exist" aspect more clearly. If connected via a cell tower, he argued that the existing wording was fine as it was unlikely the telecommunications company would try to scam a person-to-person transaction. Mike's second suggestion was to give nodes keys that appear in addr broadcasts and seed data and have each node keep a running hash of all messages sent on a connection so far. He suggested adding a new protocol message that asks the node to sign the current accumulated hash. In his third suggestion, Mike proposed delegating everything to Tor or finding some other way to obfuscate the origin of a transaction. He stated that The Guardian Project might be able to help with implementing Tor on Android phones. In response to these suggestions, someone asked why we don't just use standard SSL since we already depend on OpenSSL. Mike replied by suggesting defining a per-node compressed pubkey to pass around and then doing whatever is easiest to get the actual SSL up and running. Finally, he suggested defining a new service bit SSL and switching to SSL within the same TCP connection if we connect to an SSL supporting node.
Updated on: 2023-06-06T16:12:18.384806+00:00