Re: [Bitcoin-development] CoinShuffle: decentralized CoinJoin without trusted third parties

2014-08-07 Thread xor
On Thursday, August 07, 2014 12:22:31 AM Tim Ruffing wrote: - Decentralization / no third party: There is no (trusted or untrusted) third party in a run of the protocol. (Still, as in all mixing solutions, users need some way to gather together before they can run the protocol. This can be

[Bitcoin-development] Miners MiTM

2014-08-07 Thread Pedro Worcel
Hi there, I was wondering if you guys have come across this article: http://www.wired.com/2014/08/isp-bitcoin-theft/ The TL;DR is that somebody is abusing the BGP protocol to be in a position where they can intercept the miner traffic. The concerning point is that they seem to be having some

Re: [Bitcoin-development] Miners MiTM

2014-08-07 Thread Luke Dashjr
On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote: Hi there, I was wondering if you guys have come across this article: http://www.wired.com/2014/08/isp-bitcoin-theft/ The TL;DR is that somebody is abusing the BGP protocol to be in a position where they can intercept the miner

Re: [Bitcoin-development] Miners MiTM

2014-08-07 Thread slush
AFAIK the only protection is SSL + certificate validation on client side. However certificate revocation and updates in miners are pain in the ass, that's why majority of pools (mine including) don't want to play with that... slush On Fri, Aug 8, 2014 at 1:45 AM, Luke Dashjr l...@dashjr.org

Re: [Bitcoin-development] Miners MiTM

2014-08-07 Thread Christopher Franko
What exactly makes bitcoin less of a target than a scamcoin which I suspect means anything that != bitcoin? On 7 August 2014 20:29, slush sl...@centrum.cz wrote: AFAIK the only protection is SSL + certificate validation on client side. However certificate revocation and updates in miners are

Re: [Bitcoin-development] Miners MiTM

2014-08-07 Thread Luke Dashjr
On Friday, August 08, 2014 12:29:31 AM slush wrote: AFAIK the only protection is SSL + certificate validation on client side. However certificate revocation and updates in miners are pain in the ass, that's why majority of pools (mine including) don't want to play with that... Certificate

Re: [Bitcoin-development] Miners MiTM

2014-08-07 Thread Pedro Worcel
the only protection is SSL + certificate validation on client side. However certificate revocation and updates in miners are pain in the ass, that's why majority of pools (mine including) don't want to play with that... Another solution which would have less overhead would be to implement

Re: [Bitcoin-development] Miners MiTM

2014-08-07 Thread slush
Although 140 BTC sounds scary, actually it was very minor issue and most of miners aren't even aware about it. TLS would probably make the attack harder, that's correct. However if somebody controls ISP routers, then MITM with TLS is harder, yet possible. slush On Fri, Aug 8, 2014 at 3:07 AM,

Re: [Bitcoin-development] Miners MiTM

2014-08-07 Thread Jeff Garzik
You don't necessarily need the heavy weight of SSL. You only need digitally signed envelopes between miner and pool[1]. [1] Unless the pool is royally stupid and will somehow credit miner B, if miner B provides to the pool a copy of miner A's work. On Thu, Aug 7, 2014 at 8:29 PM, slush

[Bitcoin-development] NODE_EXT_SERVICES and advertising related services

2014-08-07 Thread Jeff Garzik
Link: https://github.com/bitcoin/bitcoin/pull/4657 It is not necessary to build all functionality into bitcoind, to form a decentralized network. BitPay's insight open source block explorer API project requires, and runs on top of, bitcoind. Therefore, at the same IP address as bitcoind, other