s7r, Please see my replies that follow.
>> The main debate is over the DoS documentation. This is a good >> summary by anonym of a worst case scenario: “Thanks to SPV, the >> server can spoof the wallet balance. Hence the server operator can >> scam Tails users, e.g. s/he can buy stuff from a Tails user, and >> then bump their balance with that exact amount so it looks like >> they've received payment.” >> > > I don't exactly understand what you mean when you say DoS and not sure > what would you like to include in the documentation. Obviously an user > shouldn't trust an unconfirmed transaction, but this recommendation > usually goes for full wallets as well not only SPV. This is already > written everywhere and that's why Electrum shows the unconfirmed > balance separately. Full wallets do not suffer from the same vulnerabilities of SPV. I am used to using Bitcoin in the most decentralized way, so, when I see an SPV client using centralized servers run by strangers, I become nervous especially when it is over Tor. That is a bad combination shown in the example of “Bitcoin over Tor is not a good idea.” Security is not black and white. There is a probability of risk that is assessed based on the environment that the software is in. Perhaps I am too paranoid and you are too confident. I hope that we can find a middle ground. > >> I strongly disagree. DoS should be mentioned as it has a >> possibility (although unlikely) to have a devastating effect on >> Tails users. > > How exactly? Can you explain me detailed where you think the DoS risk > is? Again, the linked research paper has nothing to do with Electrum. > The fact that an electrum server runs on top of bitcoin core which is > mentioned in that research paper cannot be taken into consideration > (how do we even know if the bitcoin core running on the electrum > server we are connected to uses Tor for its peer to peer connections > with other nodes). > > The problem here is that I don't know how you define DoS in this > context. From my point of view an Electrum Server lying about an > unconfirmed balance until first block is mined cannot be called DoS. > (Also, in this case, the server has to OWN the coins apparently spent > and target a certain user which is behind Tor (so anonymous) which is > highly unlikely.). The first mined block could never reach the client essentially putting the user offline. Yes, it is unlikely, but this is Tails where we take security seriously. >>> - An Electrum server could not broadcast an outgoing transaction >>> (payment) sent by you; >> I'm not sure what you mean by this. > > When you send a transaction from Electrum, it's sent do the Electrum > server to which you are connected. The server automatically feeds it > to bitcoin core via cli command which broadcasts it to the peers (and > into the network). The Electrum server could skip this step and drop > your transaction, never send it to the network. Wouldn't this be proof of DoS? _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
