RFC5389 STUN

From EmerWiki
Jump to: navigation, search

The Problem

Bitcoin and its descendants (PPC, QRK, etc) all use the same public web server to obtain an external IP address. Hardcoded into the client software were two public servers: http://checkip.dyndns.org and http://www.showmyip.com, but with www.showmyip.com now out of service, all Bitcoin and altcoin networks are currently dependent on a single server: checkip.dyndns.org. If this server fails, then coin networks that rely on it will suffer a dramatic loss of stability. Stability will be lost because peers won't be able to advertise themselves to other peers in the P2P network, and overall network connectivity will be significantly decreased.

Furthermore, this mechanism for obtaining an external IP is based on a non-standardized text protocol designed for human readability. If the site owners happen to modify their output (perhaps, for better readability) then all reliant networks would be unable to parse and understand replies. Results in this case would be the same as if the server was nonexistent.

In addition, the hardcoded request has a distinct signature and is well known and dyndns.org's owners could theoretically analyze their server logs and collect a list of the IP addresses of all peers who are running coin wallets. Users often run their wallet software just before sending transactions, meaning that an analyst could easily correlate wallet start with transaction time and associate it with an IP address. This is a serious compromise of users privacy.

The problem is discussed in the cryptocurrency community but without any positive outcome until now. For example, here.

The Emercoin solution

Emercoin substituted the non-standard mechanism employed by Bitcoin and other altcoins with a mature standard, RFC5389 (STUN), that has been designed specifically for this kind of use case. STUN is a lightweight UDP-based protocol that has been used successfully in SIP-based applications (VOIP, IP-video) for over 10 years. Since STUN is standardized, we can use a much larger list of servers to request our external IP, and always be sure that the Emercoin wallet can understand the answer.

At time of writing, the latest Emercoin wallet chooses at random from 263 geographically distributed redundant STUN servers to obtain its external IP address. Therefore, nobody can collect a significant list of users. Additionally, the wallet includes measures to randomize the signature of the request, making it difficult to distinguish an Emercoin wallet request from any other sent by an IP phone or softswitch.

For the first time in cryptocurrency history, the STUN protocol is being used instead of a non-standard web service. We are glad to have removed this unnecessary dependency on a centralized server which in turn will provide increased network stability and improved privacy for all Emercoin users.