> On Jun 28, 2016, at 11:36 PM, Gregory Maxwell <g...@xiph.org> wrote: > > On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev > <bitcoin-dev@lists.linuxfoundation.org> wrote: >> An "out of band key check" is not part of BIP151. > > It has a session ID for this purpose.
Passing the session ID out of band is authentication. As this is explicitly not part of BIP151 it cannot be that BIP151 provides the tools to detect a attack (the point at issue). >> It requires a secure channel and is authentication. So BIP151 doesn't >> provide the tools to detect an attack, that requires authentication. A >> general requirement for authentication is the issue I have raised. > > One might wonder how you ever use a Bitcoin address, or even why we might > guess these emails from "you" aren't actually coming from the NSA. The sarcasm is counterproductive Greg. By the same token I could ask how you ever use Bitcoin given that the P2P protocol is not encrypted or authenticated. It doesn't matter who I am, maybe I am the NSA. I don't argue from a position of authority. Signing my emails while traveling on holiday with only my phone gets a little tedious. The blockchain and mempool are a cache of public data. Transmission of a payment address to a payer is not a comparable scenario. The possibility that authentication may become required to participate in this trustless network is a legitimate concern, and one that has not been addressed. e _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
