[tor-dev] Per-peer stream isolation for Bitcoin clients
jeremyrand at airmail.cc
Tue Jul 2 13:50:49 UTC 2019
-----BEGIN PGP SIGNED MESSAGE-----
Thanks everyone for the excellent feedback, that was very helpful in
understanding the issues at play.
> But this is not the proper way to use Bitcoin behind Tor. So stream
> isolation for clearnet type circuits shouldn't even be a concern.
> Whonix's tor-service-defaults-torrc chooses to disable automatic
> per-peer stream isolation for Bitcoin's SOCKS port and I think it does
> the right thing, because this is not how Bitcoin should be used behind
Yes, I'm aware that Bitcoin Core supports stream isolation without
relying on a torrc setting. Even if Whonix is doing the right thing
here, the comments in Whonix's file suggest that they're doing it for
the wrong reason.
It should also be noted that not all Bitcoin clients do what Bitcoin
Core does (and in fact part of the motivation for my inquiry was to
determine if I should be submitting patches to those clients to make
them mimic what Bitcoin Core does). Using a torrc setting would
probably provide some useful defense-in-depth in case a Bitcoin client
isn't doing stream isolation on its own.
- -Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the tor-dev