sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
alexsuraci has quit []
BlaDe^ has joined #bitcoin-wizards
zmnscpxj has joined #bitcoin-wizards
shush has quit [Remote host closed the connection]
shush has joined #bitcoin-wizards
proofofkeags has joined #bitcoin-wizards
shush has quit [Ping timeout: 260 seconds]
shush has joined #bitcoin-wizards
bitdex has joined #bitcoin-wizards
shesek has quit [Remote host closed the connection]
Belkaar has quit [Ping timeout: 265 seconds]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
proofofkeags has quit [Remote host closed the connection]
proofofkeags has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has joined #bitcoin-wizards
shesek has quit [Changing host]
shush has quit [Remote host closed the connection]
<yanmaani>
CubicEarth: Well so you are describing a specific thing. No, the purpose of the discouragement is to just tell the nodes who send you complete garbage to piss off
<sipa>
CubicEarth: for several reasons, no
<yanmaani>
You send transactions everywhere, and you get transactions and blocks from everywhere.
<sipa>
1) nodes shouldn't be identifiable for the reason you linked
<yanmaani>
There's no point. Why would you want to trust your peers more than that?
<sipa>
2) introducing identities that have no cost is pointless; an attacker would just cycle through identities instead of letting himself earn a bad reputation
<sipa>
3) banning by ip works because the resource used is _the ip address_: the concept relies on IP addresses themselves having a small but nonzero cost, so an attacker can't get an infinity of them
morcos has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
<yanmaani>
Don't try to jerry-rig the "ban the garbage nodes" system into a "trust the good nodes" system. It's not built for that.
<CubicEarth>
yanmaani: lol... I mean I was thinking they are the same thing
<sipa>
note that automatic banning isn't really banning anymore; those peers can still connect to you, they're just preferred for eviction
<yanmaani>
Nope. The Bitcoin network has no notion of "trusted" nodes, just "nodes it doesn't think will flood you with garbage"
<sipa>
the primary purpose of the discouragement is to keep your connections free of broken software
<CubicEarth>
sipa, on point 2, generating an identity is costless, but establishing a long and flawless record of good behavior is not
<sipa>
if peers want to DoS attack you there are plenty of trivial other ways
<CubicEarth>
I agree, wouldn't stop that
<yanmaani>
CubicEarth: Yeah but how would you check it?
<yanmaani>
You would basically have to make a gigantic web of trust system
<CubicEarth>
Yes, eventually that would evolve on it's own
<yanmaani>
"I promise dude, I've been in this business for ten years! Here are ten other nodes who I claim are totally credible who back up my claim!"
<yanmaani>
to what end?
<yanmaani>
Why do you want to trust the nodes?
<sipa>
CubicEarth: i hate slippery slope arguments, but turning the network into something with recognizable identities is really scary to me - the whole point was to have a permissionless system!
<CubicEarth>
it could help avoid partition attacks
<CubicEarth>
sipa: for sure
<sipa>
CubicEarth: we do have some work on a "private authentication" mechanism, where nodes could optionally be given an identity, and you could verify you're connected to the right peer
<yanmaani>
CubicEarth: what?
<sipa>
but this wouldn't be a publicly-observable identity, and not something that is rumoured across the network
<yanmaani>
how does having some trusted nodes help you wit hthat
<sipa>
it's so you can have secure connections with other nodes you trust, because e.g. you run them yourself, or you know who does
<sipa>
but there would be no way to tell what the identity of a node is, unless you already know it
<yanmaani>
Basically, what you are proposing is extremely complex, and there's no good reason for it to overlap with the existing system
<CubicEarth>
yeah, turning on a node ID should not be default and be totally optional
<yanmaani>
This is a system for nodes to start at 0 and go downwards; that is a system whereby nodes start at 0 and go upwards
<yanmaani>
it doesn't really solve any problems, but it's a lot of code
<sipa>
i'm not worried about the code
<sipa>
i'm worried about giving nodes an identity!
<CubicEarth>
yanmaani: I see the only starting complexity on the bitcoin core side as being a unique node id, and a way to sign blocks and other transmissions as coming from that node
<yanmaani>
Yeah but why? Why do you want to sign "blocks and other transmissions" as coming from some node?
<yanmaani>
What purpose does it serve?
<sipa>
CubicEarth: you mean the miner/tx author node signing?
<sipa>
or just the peer who is sending them to you?
<CubicEarth>
just the peer
<sipa>
okay.
<yanmaani>
why?
<sipa>
if it's a peer you know, this makes perfect sense
<CubicEarth>
yanmaani: simply, because someone might prefer to connect to nodes that have a good and public reputation
<sipa>
but i don't think every peer in the network should be such a peer
<CubicEarth>
sipa: I agree
<sipa>
CubicEarth: that is very scary to me
<yanmaani>
CubicEarth: what
<sipa>
especially if reputation is public
<sipa>
don't trust, verify
<yanmaani>
Why would someone "prefer to connect to nodes that have a good and public reputation"?
<yanmaani>
What problem does this solve?
<yanmaani>
"other, unspecified people might want to do this completely bizarre thing" is, generally speaking, not a great use-case IMO
<sipa>
it's a fine line - i can see how the current ip address management / discouragement system has some similarities with a reputation/identity system
<sipa>
and to a very weak extent, it is, inevitably
<CubicEarth>
reputations and trust can yield benefits and efficiency in certain circumstances
<yanmaani>
What are these "certain circumstances"?
<CubicEarth>
but obviously we don't want the system to become dependent on such things
<yanmaani>
What are these "benefits and efficiency"?
<sipa>
yanmaani: you could imagine it benefitting DoS protections
<yanmaani>
sipa: Well, the current system already protects against "unintentional DoS"
<yanmaani>
and no ban system will protect against "we rent a botnet and send 1 Gb of junk UDP his way"
<yanmaani>
maybe it'd be useful for vague tor stuff, but then I think a simple PoW system would be far easier
<CubicEarth>
sipa, I seem to remember you telling me long ago that some of the delays in block fetching had to do with DoS protections... like if my node requests a block from a peer, and that peer doesn't deliver the block, my node waits for quite a long time before asking another node
<sipa>
CubicEarth: that's a bandwidth tradeoff
<yanmaani>
sipa: Couldn't you do something like BitTorrent?
<sipa>
wut?
<yanmaani>
Ask for the header and the topmost few levels of the Merkle tree from X nodes at once
<yanmaani>
then ask for chunk #1, #2, ... from different nodes
<yanmaani>
(split it up into pieces)
<sipa>
yanmaani: for IBD, we already effectively have that... except the pieces are blocks
<sipa>
and for steady state there is no need, as blocks generally aren't even sent in full due to compact blocks
<CubicEarth>
and I guess I imagine the future where people pay nodes for certain services... so certainly in that case you would want to know who you are paying
<sipa>
CubicEarth: yes, but it doesn't require the entire world to build a reputation system
<sipa>
it just means you want to check you're connected to the right node
<CubicEarth>
I am mostly thinking that some people / institutions might want to host awesome nodes and do a very good job at it, and have a desire for other people to know what is coming from their node
<sipa>
CubicEarth: that makes perfect sense
<sipa>
but what that needs is an authentication system, not (public) identities or reputation
<yanmaani>
CubicEarth: that doesn't need any of the web of trust stuff now does it?
<yanmaani>
"connect to asdasdasd.onion, we run it, here's our signature"
<CubicEarth>
to both of your points: crowd sourcing info on that node's behavior could also be desirable. "My node is awesome, and look, everyone else thinks so too"
<sipa>
CubicEarth: nack
<CubicEarth>
:(
<sipa>
don't trust, verify
<sipa>
reputation systems lead to sybil attacks
<yanmaani>
CubicEarth: There is a lot of "could" and "somebody" in this proposal
<sipa>
(in the original meaning of sybil attacks: someone pretending to be lots of good identities, to later exploit it)
<yanmaani>
there is not any good reason given for it, other than "It seems fun! Let's do it!"
<yanmaani>
which is, to be blunt, not a very good reason
<sipa>
CubicEarth: maybe more fundamentally: there is no such thing as publicly-verifiable "good" behavior of nodes
<CubicEarth>
sipa: if a peer signed a block, wouldn't sending a bad block be bad behavior? And sending a valid block be good behavior?
<sipa>
CubicEarth: why do you need them to sign it? you see who it's coming from already
<yanmaani>
sipa: His idea is that you might preent it
<sipa>
you only want to sign it, so it can be tied to a public identity
<sipa>
and that identity is the problem
<yanmaani>
"key X signs block Y, block Y is bad, ergo key X is bad"
<sipa>
CubicEarth: put yet differently, if you want to trust a peer more than another, it should be because of an external reason, like "i know who runs this", or "i have a contract with them and i'll sue if they misbehave"
<sipa>
not "they acted well in the past"
<CubicEarth>
sipa: They are almost the same thing
<sipa>
they absolutely aren't
<sipa>
automating it based on observable behavior is exploitable
<sipa>
behave extra-well, and get the network graph biased towards you
<CubicEarth>
Sipa: (Sipa) - a person who is known, and liked, which is based on your past behavior
<sipa>
CubicEarth: i am not a node
<sipa>
of course the human world relies on reputation
<CubicEarth>
the question then seems to be if we want to encourage any trust to be direct, based on just two parties, or if it is desirable to make it easy for people to build external reputation services
<CubicEarth>
people love to build the latter for anything they can...
<sipa>
this discussion makes me reconsider if (private) authentication should be added at all :)
<sipa>
if you can't seem to distinguish a desire to build authentication based on pre-existing trust relations in the real world, from automatically trusting things that look like they have good behavior... i fear it will be abused
<CubicEarth>
it's just a question of who is doing the looking, and where you see the bigger risk. it's the background check question, basically
<sipa>
no, it's not a background check
<sipa>
e.g. me connecting to another node i run myself, and trusting it more, is perfectly reasonable, regardless of how that node has behaved in the past
<CubicEarth>
I am conflating nodes and people because people run nodes... I see trusting the node as trusting the person running it
<sipa>
no, that's not what i'm pointing out
<CubicEarth>
if it's your own second node... sure
<sipa>
i am suggesting that trusting a node shouldn't based on its past behavior
<sipa>
or not only
<sipa>
because if it is, that creates an avenue for later misbehavior
<sipa>
or chokepoints...
<CubicEarth>
efficiency / security tradeoff?
<sipa>
e.g. i may want to create a connection to a friend of mine, even if his node is incompetently run
<sipa>
because i trust him to not be part of a statewide botnet attack
<sipa>
but a behavior based reputation cannot account for this
<sipa>
you also may want to pay a service to get higher-bandwidth/lower-latency access, or to get access to certain optional protocol features (some index lookup, say)... which means you may want to be sure you're connected to them
<sipa>
and if they misbehave, you'll stop using the service, or sue them
<sipa>
but again, that's not something a publicly observable behavior-based reputation can catch
<CubicEarth>
when I say the 'background check' thing... perhaps it turns out that a node that many people trust has occasionally been abusing that trust. It would almost serve as a fraud proof, so someone could come forward the community that the person / entity has been abusing the trust people gave to it
<sipa>
sigh
<sipa>
i'm done with this discussion
<sipa>
it's going in circles
<CubicEarth>
yes
<CubicEarth>
there's an inherent tension in the issue that is unsolvable
<sipa>
yes, you believe identities are a good thing
<sipa>
i think they're a bad thing to be avoided to the extent possible
<sipa>
you seem to want to embrace them
dougsko1 has quit []
sipa has left #bitcoin-wizards [#bitcoin-wizards]
<CubicEarth>
they are a tool, and like all tools....
<CubicEarth>
I can accept that people think the potential for abuse outweigh the benefits
<yanmaani>
CubicEarth: For what purpose? What are these alleged benefits?
<CubicEarth>
yanmaani: with lightning, to avoid fund loss, it's important to monitor the chain with no gap of longer than a certain number of blocks
<CubicEarth>
*potential fund loss
<CubicEarth>
maybe the nodes I am connected to get bribed to withhold blocks for a while
<yanmaani>
CubicEarth: just add more nodes lol, or use simple statistical analysis
Jaamg has quit [Ping timeout: 240 seconds]
<CubicEarth>
yanmaani: yes, there is always another way
<yanmaani>
Just desperately ask more nodes if it's too slow. But you've just rediscovered the eclipse attack
Belkaar has quit [Read error: Connection reset by peer]
Belkaar has joined #bitcoin-wizards
Belkaar has quit [Changing host]
Belkaar has joined #bitcoin-wizards
Nick_Freeman has joined #bitcoin-wizards
TRB1431 has joined #bitcoin-wizards
Nick_Freeman has quit [Remote host closed the connection]
Nick_Freeman has joined #bitcoin-wizards
Nick_Freeman has quit [Remote host closed the connection]
Nick_Freeman has joined #bitcoin-wizards
Nick_Freeman has quit [Remote host closed the connection]
Nick_Freeman has joined #bitcoin-wizards
Nick_Freeman has quit [Remote host closed the connection]
son0p has joined #bitcoin-wizards
Nick_Freeman has joined #bitcoin-wizards
Nick_Freeman has quit [Remote host closed the connection]
Nick_Freeman has joined #bitcoin-wizards
Nick_Freeman has quit [Remote host closed the connection]
AaronvanW has quit []
Guyver2_ has joined #bitcoin-wizards
Guyver2 has quit [Ping timeout: 256 seconds]
Nick_Freeman has joined #bitcoin-wizards
arowser_ has quit [Remote host closed the connection]
arowser_ has joined #bitcoin-wizards
Guyver2__ has joined #bitcoin-wizards
Guyver2_ has quit [Ping timeout: 256 seconds]
shush has joined #bitcoin-wizards
shush has quit [Ping timeout: 260 seconds]
AaronvanW has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
Guyver2__ has quit [Quit: Going offline, see ya! (www.adiirc.com)]
tromp has quit [Remote host closed the connection]
Nick_Freeman has quit [Remote host closed the connection]
Nick_Freeman_ has joined #bitcoin-wizards
Nick_Freeman_ has quit [Remote host closed the connection]
Nick_Freeman_ has joined #bitcoin-wizards
Nick_Freeman_ has quit [Remote host closed the connection]
Nick_Freeman_ has joined #bitcoin-wizards
Nick_Freeman_ has quit [Remote host closed the connection]
TRB1431 has quit []
AaronvanW has quit []
Nick_Freeman_ has joined #bitcoin-wizards
Jaamg has joined #bitcoin-wizards
Nick_Freeman_ has quit [Remote host closed the connection]
proofofkeags has joined #bitcoin-wizards
proofofkeags has quit [Ping timeout: 246 seconds]
Perceptes has joined #bitcoin-wizards
tromp has joined #bitcoin-wizards
Nick_Freeman has joined #bitcoin-wizards
Nick_Freeman has quit [Remote host closed the connection]
proofofkeags has joined #bitcoin-wizards
proofofkeags has quit [Ping timeout: 256 seconds]
shush has joined #bitcoin-wizards
shush has quit [Ping timeout: 244 seconds]
arowser_ has quit [Remote host closed the connection]
arowser_ has joined #bitcoin-wizards
mdunnio has joined #bitcoin-wizards
tromp has quit [Remote host closed the connection]
tromp has joined #bitcoin-wizards
marcoagner has quit [Ping timeout: 240 seconds]
tromp has quit [Remote host closed the connection]
son0p has quit [Ping timeout: 256 seconds]
slivera has joined #bitcoin-wizards
mdunnio has quit [Remote host closed the connection]