Author: sajolida
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Electrum doc wrt. avoiding the negative effects of DoS [was: Re: Article: Bitcoin over Tor isn't a good idea]
> On 28/02/2015 21:35, Minoru wrote:
>> sajolida,
>
>> Yes, this attack is not targeted. I think that I have provided
>> enough information about the attack, so now we need to work towards
>> a solution. Currently, I do not think that there is a simple solution
>> for all users. I wanted to write documentation so that users who
>> were concerned could execute some solutions. I proposed writing
>> the documentation for Tails because this attack is specific to
>> Tails. Electrum would not want it on their website because it
>> affects so few of their users and they do not host very much
>> documentation anyway. You still have not told me what you think of
>> the three sections of documentation that I proposed writing. I
>> wanted your approval before I started working on it to meet the
>> 1.3.1 release.
Thomas White:
> If I have followed this topic correctly, a solution or defence against
> it would be to have more hidden service electrum services?

Right, that's what I understood as well. The proper solution for this
problem would then be to have a bunch of Electrum servers running behind
hidden services and included in the default pool.

When running Electrum from Tails, I see that it connects to several
servers on port 50002. If we'd have a bunch of hidden services, operated
by different people or organizations, then I guess the problem would be
solved. But that's not something we can fix in Tails (I think).

But I've not seen that topic raised on the Electrum bug tracker. Minoru,
do you know if it is already technically possible to add .onion
addresses to the pool of servers? If so, then I'm sure we can find
volunteers to run them.

Then regarding your documentation proposal, which are:
>> 1. Explain block confirmations (temporary fix for Electrum displaying
>> money that you actually do not have)
>> 2. Explain watching-only wallets (temporary fix for Electrum not
>> displaying money that you actually do have)
Could you explain to a Bitcoin ignorant like me what are "watching-only
wallets" and "block confirmations" and how someone using Electrum in
Tails would implement them to defeat the attack? Very quickly, just to
understand the idea...
>> 3. Explain a possible long term solution to this problem by using
>> trusted Electrum servers accessed by a Tor hidden service (I might
>> remove this point because I'm not sure if it is currently possible
>> to execute this solution since not many .onion Electrum servers exist
>> and it is difficult to trust centralized services)
Seeing that Electrum connects to several servers in parallel, I
understand that it is not relying on a centralized service.