Re: [Tails-dev] Update Electrum documentation for Tails 1.8 …

Nachricht löschen

Nachricht beantworten
Autor: s7r
Datum:  
To: Michael English, sajolida, The Tails public development discussion list
Betreff: Re: [Tails-dev] Update Electrum documentation for Tails 1.8 upgrade to version 2.5.4

On 11/24/2015 9:00 PM, Michael English wrote:
> Sajolida:
>
> “If I understand correctly, the main issue here is about the
> *change* (and not about the behavior itself), then this should be
> mentioned most of all in the release notes. If you think that the
> behavior itself might be confusing, then I guess that this should
> be solved upstream (in their documentation or the software
> directly).” S7r and I disagree. Simply noting the change of default
> base unit could have a big impact in avoiding confusion.
>
> “If they have to perform a specific action, then this should be
> documented. If they don't have to perform a specific action, then
> maybe we need to adapt the current warning about 'Do not blindly
> trust the bitcoin balance'.” Yes, they do have to perform a
> specific action to select the onion Electrum server at the moment.
>


Why do you think it's mandatory to use an .onion server with Electrum
in Tails? All these were not a problem until now in 1.9.8 and it
worked in Tails very good. 2.5.4 is not that different.

> s7r:
>
> The mistake that you are making is being too specific with your
> documentation proposal. Please see the Tails documentation
> contributors page:
> https://tails.boum.org/contribute/how/documentation/ . I also
> proposed specific documentation like yours here:
> https://mailman.boum.org/pipermail/tails-dev/2015-March/008302.html
> and found out that it belonged in the Electrum wiki instead of
> Tails.
>


Ok sorry my mistake - I wasn't aware of the Tails documentation
guidelines. I basically included as much as I could so you can select
only what's necessary and knife the rest.

> The main debate is over the DoS documentation. This is a good
> summary by anonym of a worst case scenario: “Thanks to SPV, the
> server can spoof the wallet balance. Hence the server operator can
> scam Tails users, e.g. s/he can buy stuff from a Tails user, and
> then bump their balance with that exact amount so it looks like
> they've received payment.”
>


I don't exactly understand what you mean when you say DoS and not sure
what would you like to include in the documentation. Obviously an user
shouldn't trust an unconfirmed transaction, but this recommendation
usually goes for full wallets as well not only SPV. This is already
written everywhere and that's why Electrum shows the unconfirmed
balance separately.

> The DoS problem is difficult to solve. The best solution would be
> for Tails to sponsor its own onion Electrum server.
>


I don't like this too much, making a decentralized service partially
centralized, but I also don't oppose it until we fix upstream the
auto-connect synchronization issue reported by anonym. I am already on
it but don't know how much time it'll take - hopefully not too much.

> Documenting what an Electrum server is is completely off topic for
> the Tails documentation.


OK. Thought it's important for user to know what an Electrum server
can or cannot do.

> I strongly disagree. DoS should be mentioned as it has a
> possibility (although unlikely) to have a devastating effect on
> Tails users.


How exactly? Can you explain me detailed where you think the DoS risk
is? Again, the linked research paper has nothing to do with Electrum.
The fact that an electrum server runs on top of bitcoin core which is
mentioned in that research paper cannot be taken into consideration
(how do we even know if the bitcoin core running on the electrum
server we are connected to uses Tor for its peer to peer connections
with other nodes).

The problem here is that I don't know how you define DoS in this
context. From my point of view an Electrum Server lying about an
unconfirmed balance until first block is mined cannot be called DoS.
(Also, in this case, the server has to OWN the coins apparently spent
and target a certain user which is behind Tor (so anonymous) which is
highly unlikely.).

>> There's no current setting for this, but I made a note for this.
>> Some option like prefernet=tor.
> Good idea. You should propose this feature to Github
> https://github.com/spesmilo/electrum so that it can be included in
> Tails in the future.


Will do. Noted it down.

> I absolutely agree. This is the best long-term solution although
> it requires cost in hosting and maintenance. Your server should not
> be trusted unless merged into Tails developers' exclusive control.


I completely agree. If you arrange for a server and need help in
setting it up or maintaining it and you think I could help do let me know.

>> - An Electrum server could not broadcast an outgoing transaction
>> (payment) sent by you;
> I'm not sure what you mean by this.


When you send a transaction from Electrum, it's sent do the Electrum
server to which you are connected. The server automatically feeds it
to bitcoin core via cli command which broadcasts it to the peers (and
into the network). The Electrum server could skip this step and drop
your transaction, never send it to the network.