Skribent: Eric Voskuil Dato: Til: Jonas Schnelli CC: Bitcoin Protocol Discussion, Libbitcoin Development, John Hardy Emne: Re: [Libbitcoin] [bitcoin-dev] Unique node identifiers
On 03/08/2017 01:20 PM, Jonas Schnelli wrote: >
>> Am 08.03.2017 um 22:09 schrieb Eric Voskuil <eric@???>:
>>
>> On 03/08/2017 11:47 AM, Jonas Schnelli wrote:
>>>>> Nodes are by design not supposed to be identifiable in any way
>>>>
>>>> This is of course my objection to BIP150 ("a way for peers to ...
>>>> guarantee node ownership“).
>>>
>>> Please Eric. Stop spreading FUD.
>>
>> I'm always willing to debate this issue. I'm generally a little
>> suspicious of one who demands another person to stop arguing. I got at
>> least one such demand (along with a threat) on this subject privately
>> last summer from a notable Core dev. There is a lengthy thread on this
>> subject in which I raised these issues. Everyone is free to review that
>> discussion. > What you did say in the sentence above (and I think is FUD) is, that BIP150 will lead to every node being identifiable.
My argument against BIP150 (and 151) is based on the very real concern
that it provides a built-in mechanism to partition the network (while
also providing no meaningful privacy benefit).
> This is just completely wrong.
The only actual argument that I have seen from *anyone* to date is that
this is *unlikely* to happen. That was specifically Pieter's position
last summer. That argument is not technical but instead based on blind
trust in people.
The common refrain, which Pieter has penned again in a follow-up to this
post, is that we already have identity in terms of IP addresses, so
what's the harm. I find this argument ironic given that one of the
arguments in favor of this proposal is that IP address identification is
insufficient to establish identity. I assume that you both understand
there is a very meaningful distinction between strong identity and weak
identity.
The other argument that is often given is that, because we are talking
about privately shared as opposed to published identifiers, there is no
reason for concern. This entirely misses the point. The ability to
establish strong identity makes it trivial for someone to (strongly)
require the identity of anyone with who he/she allows a connection. This
is the *stated purpose* of BIP150. This turns the Bitcoin security model
on its head. Instead of validating content this validates people.
Given the current level of economic and hash power centralization it is
not at all hard to imagine that through fear/consequences of regulatory
controls or even poor scalability, that these points of centralization
will eventually start by establishing private connections, and
eventually require anyone connecting to them to "preshare" an identifier
(which of course identifies the person). At that point Bitcoin P2P will
have become a private network. I know you have the right motivation, but
I do not understand why you would ignore this risk in exchange for a
false sense of privacy.
There is a very clear path to this happening. So please explain to me
how this concern is "wrong". This is *not* a technical question, I know
perfectly well how the scheme works.
> There is nothing to say against a technical debate (and we had this), but I will ask you to stop if I see you attacking BIP150/151 at every
occasion with FUDish arguments like this.
Take a step back and consider that there may in fact be serious
consequences to what you are proposing. Calling may arguments
"attacking" and "FUD" is unproductive.