📅 Original date posted:2014-08-19 📝 Original message:-----BEGIN PGP SIGNED ...

Why Nostr? What is Njump?

Peter Todd [ARCHIVE] /

npub1m2…a2np2

2023-06-07 15:25:22

in reply to nevent1q…6gyl

📅 Original date posted:2014-08-19
📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 19 August 2014 20:59:14 GMT-04:00, William Yager <will.yager at gmail.com> wrote:
>What, exactly, do we hope to achieve from having end-to-end encryption?
>
>Even if it worked perfectly, it wouldn't be very useful.
>
>But it won't work perfectly, because we don't have any method of
>authentication.

Don't let perfect be the enemy of good.

> The bitcoin network is trivially MITMable. It's
>designed to
>work even in the face of that, but any encryption we implement will
>just
>get blown away by anyone who cares enough to stand in the middle of two
>nodes.
>
>As far as I can see, we get a microscopic obfuscatory advantage over a
>very
>weak passive attacker, at the cost of hugely increased software
>complexity
>(and possibly increased CPU time).

You realize that by your own definition even the NSA is mostly a "weak passive attacker" They do *not* have the ability to attack more than a small, targeted, subset of connection for both technical and political reasons. For starters, MITM attacks are easily detected - "Bitcoin network attacked by unknown agents! Has your ISP been compromised?" would make for great headlines and would soon see the problem fixed both technically and politically.

In any case, my suggestion of enabling hidden service support by default adds both encryption and reasonably good authentication.

-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQFQBAEBCAA6BQJT8/ZaMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhV5UCAC0wVMyKtCedZuUKXrw
Mg6qvbkDzGyzn7fgASTnMh8hF+p+p5MoOz3K0FGTdLph+ulptz9ITatGmmi+av+u
0Fc8xXYgxiYcIwtMVumNrHR16bjG7NoShnqMujuUZ7a+xigeHxV2/tG0VRb9Km8W
GFYNdY4mOFubFu7qfqymmxGsIgP42rPsN6c41B75wqqaGzSX7BRmlxNsYVSUO3Fi
fwNU7y7hLC9BN+WQCmVK+Rk57XpXcoydfvsz9a/SLhiQKssEdcDbUq4gLtnDHs92
JBsUqzG/wDgcQFiLuAm/A/ZvDAERwPr6jtunt3CCDt+UdLwlGAj5RTnuHgY72PNS
Ma2O
=2qdX
-----END PGP SIGNATURE-----

Author Public Key

npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2

Show more details

Published at

2023-06-07 15:25:22

Kind type

1 Short Text Note

Event JSON

{ "id": "d379ad81dd9e52fd24728063cb2609c5f44b3f51d4f049380c54430df7ef9a73", "pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa", "created_at": 1686151522, "kind": 1, "tags": [ [ "e", "f7d80207f3f3e09247c97d3e8c17b8e8b9ffc855be5e4ac09f019815084b2528", "", "root" ], [ "e", "0e6141cc464efdbdcb254e38c864967d5f1222f2da76c711d3ea9c21242d1d7c", "", "reply" ], [ "p", "dac5021a7b00b2588f37695f479d6d47ad5dbacbb4f6beec1ddd295ae976e83c" ] ], "content": "📅 Original date posted:2014-08-19\n📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n\n\nOn 19 August 2014 20:59:14 GMT-04:00, William Yager \u003cwill.yager at gmail.com\u003e wrote:\n\u003eWhat, exactly, do we hope to achieve from having end-to-end encryption?\n\u003e\n\u003eEven if it worked perfectly, it wouldn't be very useful.\n\u003e\n\u003eBut it won't work perfectly, because we don't have any method of\n\u003eauthentication.\n\nDon't let perfect be the enemy of good.\n\n\u003e The bitcoin network is trivially MITMable. It's\n\u003edesigned to\n\u003ework even in the face of that, but any encryption we implement will\n\u003ejust\n\u003eget blown away by anyone who cares enough to stand in the middle of two\n\u003enodes.\n\u003e\n\u003eAs far as I can see, we get a microscopic obfuscatory advantage over a\n\u003every\n\u003eweak passive attacker, at the cost of hugely increased software\n\u003ecomplexity\n\u003e(and possibly increased CPU time).\n\nYou realize that by your own definition even the NSA is mostly a \"weak passive attacker\" They do *not* have the ability to attack more than a small, targeted, subset of connection for both technical and political reasons. For starters, MITM attacks are easily detected - \"Bitcoin network attacked by unknown agents! Has your ISP been compromised?\" would make for great headlines and would soon see the problem fixed both technically and politically.\n\nIn any case, my suggestion of enabling hidden service support by default adds both encryption and reasonably good authentication.\n\n-----BEGIN PGP SIGNATURE-----\nVersion: APG v1.1.1\n\niQFQBAEBCAA6BQJT8/ZaMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8\ncGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhV5UCAC0wVMyKtCedZuUKXrw\nMg6qvbkDzGyzn7fgASTnMh8hF+p+p5MoOz3K0FGTdLph+ulptz9ITatGmmi+av+u\n0Fc8xXYgxiYcIwtMVumNrHR16bjG7NoShnqMujuUZ7a+xigeHxV2/tG0VRb9Km8W\nGFYNdY4mOFubFu7qfqymmxGsIgP42rPsN6c41B75wqqaGzSX7BRmlxNsYVSUO3Fi\nfwNU7y7hLC9BN+WQCmVK+Rk57XpXcoydfvsz9a/SLhiQKssEdcDbUq4gLtnDHs92\nJBsUqzG/wDgcQFiLuAm/A/ZvDAERwPr6jtunt3CCDt+UdLwlGAj5RTnuHgY72PNS\nMa2O\n=2qdX\n-----END PGP SIGNATURE-----", "sig": "0c61a4ffe58a9a8a6e868abdc9664af2bc53f9b70a8dfe184f2aef5359d90a5f8f41e23560b4e3999ad43f62d026a3758896a76d1a7bacdb7bd3a34b7712dfdb" }