📅 Original date posted:2016-06-28
📝 Original message:> On Jun 28, 2016, at 11:36 PM, Gregory Maxwell <greg at xiph.org> wrote:
>
> On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev
> <bitcoin-dev at lists.linuxfoundation.org> wrote:
>> An "out of band key check" is not part of BIP151.
>
> It has a session ID for this purpose.
Passing the session ID out of band is authentication. As this is explicitly not part of BIP151 it cannot be that BIP151 provides the tools to detect a attack (the point at issue).
>> It requires a secure channel and is authentication. So BIP151 doesn't provide the tools to detect an attack, that requires authentication. A general requirement for authentication is the issue I have raised.
>
> One might wonder how you ever use a Bitcoin address, or even why we might guess these emails from "you" aren't actually coming from the NSA.
The sarcasm is counterproductive Greg. By the same token I could ask how you ever use Bitcoin given that the P2P protocol is not encrypted or authenticated.
It doesn't matter who I am, maybe I am the NSA. I don't argue from a position of authority. Signing my emails while traveling on holiday with only my phone gets a little tedious.
The blockchain and mempool are a cache of public data. Transmission of a payment address to a payer is not a comparable scenario.
The possibility that authentication may become required to participate in this trustless network is a legitimate concern, and one that has not been addressed.
e
Eric Voskuil [ARCHIVE] /
npub1sg…ppx3c
2023-06-07 17:51:40
in reply to nevent1q…08ps
Author Public Key
npub1sgs97fe0n9wehe6zw7drcxdz4cy9yt9pfqjv8gasz5jlk4zezc0quppx3cSeen on
wss://relay.noswhere.comPublished at
2023-06-07 17:51:40Event JSON
{
"id": "f49f3fd54a230a4f7cd0a3c9d8b16e01c9a6088e3301d6b2dc9a896721d88cc6",
"pubkey": "82205f272f995d9be742779a3c19a2ae08522ca14824c3a3b01525fb5459161e",
"created_at": 1686160300,
"kind": 1,
"tags": [
[
"e",
"d0e8bb25d553b30c0cc0d96d85855c267cf10b5981dd5042024df41c59046cbd",
"",
"root"
],
[
"e",
"0a24d73f8dc7ec8ea4ceeca66d3398a747a0e70de2ada07340d2bdcecc24d1cf",
"",
"reply"
],
[
"p",
"2a9b7d3423041901b738be6b1d40a6e4dd3f9041e7a5fa4a2d3c662d296814c7"
]
],
"content": "📅 Original date posted:2016-06-28\n📝 Original message:\u003e On Jun 28, 2016, at 11:36 PM, Gregory Maxwell \u003cgreg at xiph.org\u003e wrote:\n\u003e \n\u003e On Tue, Jun 28, 2016 at 9:22 PM, Eric Voskuil via bitcoin-dev\n\u003e \u003cbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\u003e\u003e An \"out of band key check\" is not part of BIP151.\n\u003e \n\u003e It has a session ID for this purpose.\n\nPassing the session ID out of band is authentication. As this is explicitly not part of BIP151 it cannot be that BIP151 provides the tools to detect a attack (the point at issue).\n\n\u003e\u003e It requires a secure channel and is authentication. So BIP151 doesn't provide the tools to detect an attack, that requires authentication. A general requirement for authentication is the issue I have raised.\n\u003e \n\u003e One might wonder how you ever use a Bitcoin address, or even why we might guess these emails from \"you\" aren't actually coming from the NSA.\n\nThe sarcasm is counterproductive Greg. By the same token I could ask how you ever use Bitcoin given that the P2P protocol is not encrypted or authenticated.\n\nIt doesn't matter who I am, maybe I am the NSA. I don't argue from a position of authority. Signing my emails while traveling on holiday with only my phone gets a little tedious.\n\nThe blockchain and mempool are a cache of public data. Transmission of a payment address to a payer is not a comparable scenario.\n\nThe possibility that authentication may become required to participate in this trustless network is a legitimate concern, and one that has not been addressed.\n\ne",
"sig": "9dd77993dcbf18a7853a64caa1773c845876f16cc603b60a5a793315c5428e482b532e60711dec7f48178456dab42e205375142da3ac38b0c12bf8ceebb90d1e"
}