[tor-dev] Per-peer stream isolation for Bitcoin clients

Jeremy Rand jeremyrand at airmail.cc
Tue Jul 2 13:50:49 UTC 2019


Thanks everyone for the excellent feedback, that was very helpful in
understanding the issues at play.

s7r:
> But this is not the proper way to use Bitcoin behind Tor. So stream
> isolation for clearnet type circuits shouldn't even be a concern.
> Whonix's tor-service-defaults-torrc chooses to disable automatic
> per-peer stream isolation for Bitcoin's SOCKS port and I think it does
> the right thing, because this is not how Bitcoin should be used behind
> Tor.

Yes, I'm aware that Bitcoin Core supports stream isolation without
relying on a torrc setting.  Even if Whonix is doing the right thing
here, the comments in Whonix's file suggest that they're doing it for
the wrong reason.

It should also be noted that not all Bitcoin clients do what Bitcoin
Core does (and in fact part of the motivation for my inquiry was to
determine if I should be submitting patches to those clients to make
them mimic what Bitcoin Core does).  Using a torrc setting would
probably provide some useful defense-in-depth in case a Bitcoin client
isn't doing stream isolation on its own.

Cheers,
-- 
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.
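
An added example, not part of the original message and not code from Bitcoin Core or any other client: one way a client can request per-peer isolation itself is to present a different SOCKS5 username/password (RFC 1929) for each peer, which Tor's default `IsolateSOCKSAuth` behaviour keeps on separate circuits. The `PeerIsolation` class and the peer hostnames are hypothetical; the functions only build the bytes the client would send to the SOCKS port.

```python
import secrets
import struct

SOCKS5 = 0x05
AUTH_USERPASS = 0x02  # RFC 1928 method id for username/password


def greeting():
    """Client greeting that offers only username/password authentication."""
    return bytes([SOCKS5, 1, AUTH_USERPASS])


def auth_request(username, password):
    """RFC 1929 sub-negotiation: VER=1, ULEN, UNAME, PLEN, PASSWD."""
    u, p = username.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p


def connect_request(host, port):
    """CONNECT by hostname (ATYP=3) so name resolution happens inside Tor."""
    h = host.encode("idna")
    if not 1 <= len(h) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    head = bytes([SOCKS5, 0x01, 0x00, 0x03, len(h)])
    return head + h + struct.pack(">H", port)


class PeerIsolation:
    """Hypothetical helper: one random SOCKS credential pair per peer."""

    def __init__(self):
        self._creds = {}

    def credentials_for(self, peer):
        # Same peer -> same credentials; new peer -> fresh random pair.
        if peer not in self._creds:
            self._creds[peer] = (secrets.token_hex(8), secrets.token_hex(8))
        return self._creds[peer]

    def handshake(self, host, port):
        """Messages the client sends, in order, to reach host:port."""
        user, pw = self.credentials_for(f"{host}:{port}")
        return [greeting(), auth_request(user, pw), connect_request(host, port)]
```

A `SocksPort` line carrying `IsolateDestAddr` is the torrc-side counterpart and still applies when a client sends no credentials at all.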
