> Speaking of, off-topic for this discussion, but in the future > node-to-node communicate should be encrypted and signed
Yes, I'd like to do this. The threat isn't really ISPs which are mostly trustable (the worst they normally do outside of places like China is dick about with ads), the big threat is people who use untrusted WiFi without realising and end up thinking they received money when actually they were just connected to a hotspot running in the attackers pocket. I'm rather expecting that kind of thing to happen in future. I think we can converge on the best solution with several iterations: Iteration 1) Make it clear in the UI that if the phone is connected to WiFi, payments from untrusted people should not be accepted. Currently the Android app merely says the money won't be spendable for a few minutes. It needs to communicate the "may not exist" aspect more clearly. If you're connected via a cell tower, the existing wording is fine - it's very unlikely your telco is trying to scam you in a person-to-person transaction, traffic is encrypted and 3G+ connections authenticate the network so you can't be MITMd except by your telco. Assuming you have a good list of IPs, of course. Iteration 2) Give nodes keys that appear in addr broadcasts and seed data (whether it be via https or otherwise), and have each node keep a running hash of all messages sent on a connection so far. Add a new protocol message that asks the node to sign the current accumulated hash. Not all messages really need to be signed, eg asking for signatures of blocks is sort of pointless at high difficulty levels because the structures are self proving and a simple watchdog timer that looks for unusually slow progress is probably enough. If the client keeps the same accumulated hash then when you encounter something you care about the accuracy of, you can ask for a signature over all traffic so far. Iteration 3) Do something about end to end encryption, just delegate everything to Tor, or find some other way to obfuscate the origin of a transaction (a mini onion network for example). Last time I looked, Tor wasn't really usable in library form and connecting to hidden services is really slow. So it'd be an issue to just re-use it out of the box, I think. ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
