<div dir="ltr">On Tue, Aug 19, 2014 at 8:14 PM, Peter Todd <span dir="ltr"><<a href="mailto:pete@petertodd.org" target="_blank">pete@petertodd.org</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">
<br>
</div><div class="">Don't let perfect be the enemy of good.<br></div></blockquote><div><br></div><div>I'm not. I don't think this proposal is even good.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
You realize that by your own definition even the NSA is mostly a "weak passive attacker" They do *not* have the ability to attack more than a small, targeted, subset of connection for both technical and political reasons. For starters, MITM attacks are easily detected - "Bitcoin network attacked by unknown agents! Has your ISP been compromised?" would make for great headlines and would soon see the problem fixed both technically and politically.<br>
<br></blockquote><div><br></div><div>Again, the NSA might get an absolutely trivial amount of data from monitoring connections on the Bitcoin network. A bit of publicity is *not* worth drastically increasing the software complexity of the client.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
In any case, my suggestion of enabling hidden service support by default adds both encryption and reasonably good authentication.</blockquote><div><br></div><div>Enabling hidden service support by default would introduce an insanely huge attack surface. </div>
<div><br></div><div>And you're conflating two different things; using Tor is valuable to Bitcoin because it would provide some anonymity. The encryption aspect is pretty much useless for us.</div></div></div></div>