[Bitcoin-development] Miners MiTM
sergiolerner at certimix.com
Sat Aug 9 12:15:26 UTC 2014
Since the information exchanged between the pool and the miner is
public, all that's needed is a mutual private MAC key that authenticates
This requires a registration step, that can be done only once using a
simple web interface over https to the miner website.
But the miner website is not the miner server, so the worst DoS would be
preventing new miners to join the pool, which is not very often.
The MAC key can be provided directly by the miner. And the pool
associates the MAC key with a Bitcoin public address.
The overhead would be minimal.
More information about the bitcoin-dev