Date: Sat, 6 Oct 2012 12:37:20 -0400
Message-ID: <CAAS2fgTVp7PhdJMfz-huyOsp=6Ca9wH6cVkedMgntXnK+ZpDXg@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Bitcoin Development <bitcoin-development@lists.sourceforge.net>,
	electrum.desktop@gmail.com
Subject: [Bitcoin-development] Electrum security model concerns

I'm concerned about how the particular security model of electrum is
being described; or rather— not being described.  The electrum website
appears to have no security discussion beyond platitudes like "Secure:
Your private keys are not shared with the server. You do not have to
trust the server with your money.", "No scripts: Electrum does not
download any script at runtime. A compromised server cannot compromise
your client."

Claims like "You do not have to trust the server with your money" are
factually incorrect.

What I would expect is a proper discussion, like "Understanding the
bitcoinj security model":
http://code.google.com/p/bitcoinj/wiki/SecurityModel  (which I don't
agree with completely— as it makes some claims which are known to be
false— wrt detecting double spends, but it does give a reasonable
overview),  and avoidance of broad claims which will result in
misunderstandings that result in users engaging in riskier behaviors
which they could avoid if they better understood the security of the
software they're running.