[Bitcoin-development] Miners MiTM
Luke Dashjr
luke at dashjr.org
Fri Aug 8 01:01:15 UTC 2014
On Friday, August 08, 2014 12:29:31 AM slush wrote:
> AFAIK the only protection is SSL + certificate validation on client side.
> However certificate revocation and updates in miners are pain in the ass,
> that's why majority of pools (mine including) don't want to play with
> that...
Certificate validation isn't needed unless the attacker can do a direct MITM
at connection time, which is a lot harder to maintain than injecting a
client.reconnect. This, combined with your concern about up to date
certs/revokes/etc, is why BFGMiner defaults to TLS without cert checking for
stratum.
Luke
More information about the bitcoin-dev
mailing list