Author

Topic: The case for removing IP transactions (Read 2184 times)

founder
Activity: 364
Merit: 7423
September 19, 2010, 04:49:30 PM
#9
Probably best to disable receiving by IP unless you specifically intend to use it.  This is a lot of surface area that nobody uses that doesn't need to be open by default.

In storefront cases, you would typically only want customers to send payments through your automated system that only hands out bitcoin addresses associated with particular orders and accounts.  Random unidentified payments volunteered to the server's IP address would be unhelpful.

In general, sending by IP has limited useful cases.  If connecting directly without a proxy, the man-in-the-middle risk may be tolerable, but no privacy.  If you use a privacy proxy, man-in-the-middle risk is unacceptably high.  If we went to all the work of implementing SSL, only large storefronts usually go to the trouble of getting a CA cert, but most of those cases would still be better off to use bitcoin addresses.

I uploaded this change to SVN rev 156.  The switch to enable is "-allowreceivebyip".

Senders with this version will get the error "Recipient is not accepting transactions sent by IP address".  Older version senders will get "Transfer was not accepted".

I used a different name for the switch because "-allowiptransactions" sounds like it includes sending.  If there's a better name for the switch, we can change it again.
sr. member
Activity: 350
Merit: 252
probiwon.com
September 18, 2010, 07:54:49 PM
#8
But do not remove the IP-transactions at all, please!
https://bitcointalksearch.org/topic/m.13160
full member
Activity: 307
Merit: 102
September 16, 2010, 04:23:49 PM
#7
I've created a patch that disables receiving of IP transactions by default. They can be enabled with the "-allowiptransactions" option or "allowiptransactions=true" in the bitcoin.conf file.

Here's the patch:
http://github.com/aceat64/bitcoin-patchwork/blob/svn/patches/disable_ip_transactions.patch

I've already incorporated the patch into my custom client: http://github.com/aceat64/bitcoin-patchwork
LZ
legendary
Activity: 1722
Merit: 1072
P2P Cryptocurrency
September 16, 2010, 03:43:59 PM
#6
Seems that it would increase the security without decreasing the ease of use. So I like it. Smiley
full member
Activity: 307
Merit: 102
September 16, 2010, 01:47:34 PM
#5
Sorry, I guess I wasn't very clear in the original post. I would like for receiving of transactions by IP to be disabled by default.
sr. member
Activity: 434
Merit: 252
youtube.com/ericfontainejazz now accepts bitcoin
September 15, 2010, 10:43:39 PM
#4
It's not the sending that should be disabled by default, but the receiving, I think.

If the receiving end refuses to accept IP transactions, unless explicitly enabled, all the problems go away.

Right?

Right.  Good point!  Don't throw the baby out with the bathwater!
hero member
Activity: 482
Merit: 501
September 15, 2010, 10:40:22 PM
#3
It's not the sending that should be disabled by default, but the receiving, I think.

If the receiving end refuses to accept IP transactions, unless explicitly enabled, all the problems go away.

Right?
LZ
legendary
Activity: 1722
Merit: 1072
P2P Cryptocurrency
September 15, 2010, 10:31:50 PM
#2
So may be IP transactions should be enabled only for IP addresses ranges reserved for private networks?
What about forced transaction fees for other IP ranges? (Payee will accept only transactions with fees.)
full member
Activity: 307
Merit: 102
September 15, 2010, 09:57:43 PM
#1
Sending transactions to IP addresses should be removed or at least disabled by default.

As has been stated by many members of the community, it is in no way secure. I also believe that it may actually allow an attacker to determine the identify of an operator of a bitcoin node. Example, I send 0.01 BTC to various IPs on the network and record the IP and bitcoin address (a bitcoin address is autogenerated). If I run or have access to the information at one of the Bitcoin exchanges (or run a store/service that accepts bitcoins) I can then tie that IP address to the user of that site/service. In the case of an exchange I could tie that IP to a person's PayPal or bank account!

Another possible attack is to connect to a target node and initiate an IP transaction. The target will generate a new address, at which point you disconnect and start again. This might be useful as a denial of service attack.
Jump to: