On Sat, Oct 6, 2012 at 12:37 PM, Gregory Maxwell <gmaxw...@gmail.com> wrote:
> I'm concerned about how the particular security model of electrum is
> being described; or rather— not being described.

Just to close the loop on this: I finally got in touch with Thomas on IRC and walked over the security issues I brought up here, plus a number of other ones. He took the concerns seriously and rapidly redesigned big swaths of electrum to eliminate the issues structurally.

Electrum is no longer a classical thin client; it is now a slightly watered down simplified-payment-validation node with generally the same security properties as other SPV nodes. Its network behavior leaves it somewhat more vulnerable to isolation and compromise by a high hash power attacker, because it does not (yet) make an effort to make sure it's really on the longest chain. It is also more vulnerable to transaction hiding (a DOS attack) for similar reasons. But this is still a massive improvement.

The UI was also changed and the confirmation status of payments is no longer hidden.

There are still things to improve— both in the client and the security communication to users. But I wanted to leave a note that it's come a long way and that I now feel confident that any remaining issues will be resolved.

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development