Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1TLBsv-0001rP-H9 for bitcoin-development@lists.sourceforge.net; Mon, 08 Oct 2012 11:52:33 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.175 as permitted sender) client-ip=209.85.212.175; envelope-from=mh.in.england@gmail.com; helo=mail-wi0-f175.google.com; Received: from mail-wi0-f175.google.com ([209.85.212.175]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1TLBsu-0005F5-Ds for bitcoin-development@lists.sourceforge.net; Mon, 08 Oct 2012 11:52:33 +0000 Received: by mail-wi0-f175.google.com with SMTP id hq4so2703967wib.10 for ; Mon, 08 Oct 2012 04:52:26 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.201.156 with SMTP id b28mr10046845weo.4.1349697146131; Mon, 08 Oct 2012 04:52:26 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.216.236.30 with HTTP; Mon, 8 Oct 2012 04:52:26 -0700 (PDT) In-Reply-To: References: Date: Mon, 8 Oct 2012 13:52:26 +0200 X-Google-Sender-Auth: ZGyI3_xBIAhwOV6d26RAjfLNUYk Message-ID: From: Mike Hearn To: Gregory Maxwell Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1TLBsu-0005F5-Ds Cc: Bitcoin Development , electrum.desktop@gmail.com Subject: Re: [Bitcoin-development] Electrum security model concerns X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Oct 2012 11:52:33 -0000 > What I would expect is a proper discussion, like "Understanding the > bitcoinj security model": > http://code.google.com/p/bitcoinj/wiki/SecurityModel That page was old, it stated that pending transactions aren't provided to the app which hasn't been true for a long time. I've rewritten and extended it. You may still not like what it says ;) but it should at least be more thorough now. It also links to the ETH paper. Re: Electrum. In fairness the electrum page is designed for end users and the bitcoinj page is designed for app developers. As far as I know, there are no bitcoinj based clients that try to explain transaction confidence to end users. I don't think it's worth worrying about this too much right now. In future the software end users and merchants use will diverge significantly. At that time it'll be easier to tailor the documentation to each user demographic. And I think Electrum type services will go away once we do more optimizations like bloom filtering and better peer selection logic, as the speed of SPV clients will be comparable to Electrum/BCCAPI type clients but without the need for a specific server operator.