📅 Original date posted: 2011-07-01
🗒️ Summary of this message: Jan suggests enabling UPnP by default in the GUI but leaving it off in bitcoind. He acknowledges the security risks but believes it's necessary for P2P communication.
📝 Original message: On Fri, Jul 01, 2011 at 11:06:56AM -0400, Gavin Andresen wrote:
> > Not sure about OS differentiation, seems...wrong? Maybe disabled by
> > default on bitcoind but on by default on bitcoin?
>
> OK. I mis-remembered the poll:
> http://forum.bitcoin.org/index.php?topic=4392.0
>
> On by default 8 (20%)
> Off by default 22 (55%)
> On by default in the GUI, off by default in bitcoind 10 (25%)

I just voted as well and now - with some extra votes in the meantime -
it's 9 / 22 / 13. So exactly 50/50 between off (22) and some form of on
(9 + 13).

I'm in favor of turning it on by default in the GUI and leaving it off
in bitcoind.

I don't like UPnP much, I find it exemplifies exactly what is wrong with
computer security today: Convenience trumps security almost every time.
BUT: I don't think this is the moment to fight UPnP. It's the standard
mechanism in use today to let a computer behind a NAT accept incoming
connections. The user has already made the decision in regards to
convenience over security. By enabling UPnP (or by buying a product that
does this automatically) they are saying: I want it to "just work"
instead of having fine-grained but more complicated control.

Bitcoin is a P2P application and as such should use this
mechanism. I think it's pretty clear that participating in a P2P network
requires one to receive messages from other peers. At least no one seems
to be concerned that Bitcoin (by default!) listens on port 8333. So I
think it's only logical to extend that to work behind NATs as well.

Cheers!
Jan