On Thu, Jun 09, 2016 at 08:57:29AM +0200, Jonas Schnelli via bitcoin-dev wrote:
> > Are there any links to discussions on how authentication may be done?
>
> I'm currently working on the Auth-BIP which is not worth reviewing it
> right now (I will post it to the mailing list once it has been reach
Hi
> On Thu, Jun 09, 2016 at 01:24:09AM +, Gregory Maxwell wrote:
>> Reduction to plaintext isn't an interesting attack vector for an active
>> attacker: they can simply impersonate the remote side.
>>
>> This is addressed via authentication, where available, which is done by a
>> separate spe
On Thu, Jun 09, 2016 at 01:24:09AM +, Gregory Maxwell wrote:
> Reduction to plaintext isn't an interesting attack vector for an active
> attacker: they can simply impersonate the remote side.
>
> This is addressed via authentication, where available, which is done by a
> separate specification
On Wed, Jun 8, 2016 at 11:47 PM, Alfie John via bitcoin-dev
wrote:
> Hi folks,
>
> Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
> prevent someone between peers to suppress the initial 'encinit' message during
> negotiation, causing both to fallback to plaintext?
>
Hi folks,
Overall I think BIP 151 is a good idea. However unless I'm mistaken, what's to
prevent someone between peers to suppress the initial 'encinit' message during
negotiation, causing both to fallback to plaintext?
Peers should negotiate a secure channel from the outset or backout entirely
w