> On 28/02/2015 21:35, Minoru wrote: >> sajolida, > >> Yes, this attack is not targeted. I think that I have provided >> enough information about the attack, so now we need to work towards >> a solution. Currently, I do not think that there a simple solution >> for all users. I wanted to write documentation so that users who >> were concerned could execute some solutions. I proposed writing >> the documentation for Tails because this attack is specific to >> Tails. Electrum would not want it on their website because it >> effects so few of their users and they do not host very much >> documentation anyway. You still have not told me what you think of >> the three sections of documentation that I proposed writing. I >> wanted your approval before I started working on it to meet the >> 1.3.1 release.
Thomas White: > If I have followed this topic correctly, a solution or defence against > it would be to have more hidden service electrum services? Right, that's what I understood as well. The proper solution for this problem would then be to have a bunch of Electrum servers running behind hidden services and included in the default pool. When running Electrum from Tails, I see that it connects to several servers on port 50002. If we'd have a bunch of hidden services, operated by different people are organization, then I guess the problem would be solved. But that's not something we can fix in Tails (I think). But I've not seen that topic raised on the Electrum bug tracker. Minoru, do you know if it is already technically possible to add .onion addresses to the pool of server? If so, then I'm sure we can find volunteers to run them. Then regarding your documentation proposal, which are: >> 1. Explain block confirmations (temporary fix for Electrum displaying >> money that you actually do not have) >> 2. Explain watching-only wallets (temporary fix for Electrum not >> displaying money that you actually do have) Could you explain to a Bitcoin ignorant like me what are "watching-only wallets" and "block confirmations" and how someone using Electrum in Tails would implement them to defeat the attack? Very quickly, just to understand the idea... >> 3. Explain a possible long term solution to this problem by using >> trusted Electrum servers accessed by a Tor hidden service (I might >> remove this point because I'm not sure if it is currently possible >> execute this solution since not many .onion Electrum servers exist >> and it is difficult to trust centralized services) Seeing that Electrum connects to several servers in parallel, I understand that it is not relying on a centralized service.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
