Author: BitingBird Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Electrum doc wrt. avoiding the negative effects of
DoS [was: Re: Article: Bitcoin over Tor isn't a good idea]
Edition even seems to be open to non-identified users.
So please improve upstream's documentation before including things in Tails.
Cheers,
BitingBird
sajolida: >> On 28/02/2015 21:35, Minoru wrote:
>>> sajolida,
>>
>>> Yes, this attack is not targeted. I think that I have provided
>>> enough information about the attack, so now we need to work towards
>>> a solution. Currently, I do not think that there a simple solution
>>> for all users. I wanted to write documentation so that users who
>>> were concerned could execute some solutions. I proposed writing
>>> the documentation for Tails because this attack is specific to
>>> Tails. Electrum would not want it on their website because it
>>> effects so few of their users and they do not host very much
>>> documentation anyway. You still have not told me what you think of
>>> the three sections of documentation that I proposed writing. I
>>> wanted your approval before I started working on it to meet the
>>> 1.3.1 release.
>
> Thomas White:
>> If I have followed this topic correctly, a solution or defence against
>> it would be to have more hidden service electrum services?
>
> Right, that's what I understood as well. The proper solution for this
> problem would then be to have a bunch of Electrum servers running behind
> hidden services and included in the default pool.
>
> When running Electrum from Tails, I see that it connects to several
> servers on port 50002. If we'd have a bunch of hidden services, operated
> by different people are organization, then I guess the problem would be
> solved. But that's not something we can fix in Tails (I think).
>
> But I've not seen that topic raised on the Electrum bug tracker. Minoru,
> do you know if it is already technically possible to add .onion
> addresses to the pool of server? If so, then I'm sure we can find
> volunteers to run them.
>
> Then regarding your documentation proposal, which are:
>
>>> 1. Explain block confirmations (temporary fix for Electrum displaying
>>> money that you actually do not have)
>>> 2. Explain watching-only wallets (temporary fix for Electrum not
>>> displaying money that you actually do have)
>
> Could you explain to a Bitcoin ignorant like me what are "watching-only
> wallets" and "block confirmations" and how someone using Electrum in
> Tails would implement them to defeat the attack? Very quickly, just to
> understand the idea...
>
>>> 3. Explain a possible long term solution to this problem by using
>>> trusted Electrum servers accessed by a Tor hidden service (I might
>>> remove this point because I'm not sure if it is currently possible
>>> execute this solution since not many .onion Electrum servers exist
>>> and it is difficult to trust centralized services)
>
> Seeing that Electrum connects to several servers in parallel, I
> understand that it is not relying on a centralized service.
>
>
>
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@???.
>