📅 Original date posted:2014-08-07
📝 Original message:On Friday, August 08, 2014 12:29:31 AM slush wrote:
> AFAIK the only protection is SSL + certificate validation on client side.
> However certificate revocation and updates in miners are pain in the ass,
> that's why majority of pools (mine including) don't want to play with
> that...
Certificate validation isn't needed unless the attacker can do a direct MITM
at connection time, which is a lot harder to maintain than injecting a
client.reconnect. This, combined with your concern about up to date
certs/revokes/etc, is why BFGMiner defaults to TLS without cert checking for
stratum.
Luke
Luke Dashjr [ARCHIVE] /
npub1tf…rfq0n
2023-06-07 15:24:59
in reply to nevent1q…su0a
Author Public Key
npub1tfk373zg9dnmtvxnpnq7s2dkdgj37rwfj3yrwld7830qltmv8qps8rfq0nSeen on
wss://relay.noswhere.comPublished at
2023-06-07 15:24:59Event JSON
{
"id": "3742459c03ce90270fa150f24771818b8e688d421198053ab033059deb4a728c",
"pubkey": "5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803",
"created_at": 1686151499,
"kind": 1,
"tags": [
[
"e",
"6cef07af0faac9707f80f8840d2c81c59eb26cce03afa7fdc1332a0b02a13efb",
"",
"root"
],
[
"e",
"02d216eccd8b6b60f27a7f6b93243274731c7bd04955d5d426bfe374ca144e27",
"",
"reply"
],
[
"p",
"eb7ca795057ca7cabde6f541c741e661d013414934e5934c2e04c6677625c99a"
]
],
"content": "📅 Original date posted:2014-08-07\n📝 Original message:On Friday, August 08, 2014 12:29:31 AM slush wrote:\n\u003e AFAIK the only protection is SSL + certificate validation on client side.\n\u003e However certificate revocation and updates in miners are pain in the ass,\n\u003e that's why majority of pools (mine including) don't want to play with\n\u003e that...\n\nCertificate validation isn't needed unless the attacker can do a direct MITM \nat connection time, which is a lot harder to maintain than injecting a \nclient.reconnect. This, combined with your concern about up to date \ncerts/revokes/etc, is why BFGMiner defaults to TLS without cert checking for \nstratum.\n\nLuke",
"sig": "b428116646934b454d27acaa72938320d1576d039260c8523fcaceed3309ca94ee886e42c34d05fe275afbf419e16a653b5b0c130fbba14e98715f28c0668d28"
}