waxwing: is there any reason other than the mnemonics, that makes Electrum your favorite client?
waxwing
oakpacific, hi. no blockchain too. (cf armory)
i can load it up anywhere in a minute or two
oakpacific
waxwing: then why not ultrapruned client like multibit?
waxwing
i used multibit first, way back when, but it was buggy and more importantly didn't have deterministic wallets
i think they have changed on the latter, recently. or if not, soon.
also, isn't it java? oracle's handling of java on the desktop has been worrying. from a purely amateur perspective.
oakpacific
waxwing: i don't know, from an extra virgin amateur perspective, Java seems to be the most respected programming environment/runtime
waxwing
well java on the desktop itself - debatable. but deterministic was a dealbreaker.
oakpacific
dansmith_btc: what bitcoin wallet do you use?
waxwing
wtf i'm getting cryptsy spam, never even used them.
oakpacific
waxwing: does electrum store blockheaders locally or nothing?
waxwing
hmm i think it does store headers
yes
oakpacific
and utxo set?
waxwing
oakpacific, not sure exactly what it stores. but as you know most of the work is done by the servers.
oakpacific
waxwing: yeah, but at least there should be an ultrapruned blockchain or.......
waxwing
Electrum is not SPV.
oakpacific
waxwing: okay, then i am sure it may suit your or a lot of people's needs, but not worth recommending:)
waxwing
or, maybe it is technically? but not a proper SPV? Not sure.
oakpacific, what attack vector are you concerned about?
oakpacific
waxwing: MITM e.g.?
waxwing
how can that do more than inconvenience you?
or are you concerned principally about privacy?
oakpacific
especially it's dubious whether the Electrum server authenticates anything
waxwing
there are SSL connections and there are hidden service servers (although flaky)
oakpacific
waxwing: no, if your connection is isolated, the middle man can feed you a false blockchain to convince you that your tx is in the chain
waxwing
yes you can be misled, but you can't be stolen from
it's very easy to use a second source of info to verify (on the web like bc.i).
oakpacific
waxwing: yeah, but that's what blockchain is designed to prevent, the double-spend attack
waxwing
oakpacific, if you just mean you can't trust balances/tx reporting in the wallet, i agree. i don't need to do that
nowadays we have at least 3 or 4 decent block explorers anyway
oakpacific
waxwing: right, i am just saying it may not be worth recommending, it's a big enough concern for lots of people
waxwing
oakpacific, well, i disagree. to me the practicalities are important. if a system is theoretically perfectly secure but is too inconvenient to use (say when you're crossing a border) you'll end up cutting corners anyway. At *base*, electrum is not insecure, because you keep control over your priv keys.
oakpacific
waxwing: the status quo is that all clients have significant convenience/security tradeoffs
waxwing
right. i wouldn't recommend electrum to a large org/business that was going to be using bitcoin in a serious way.
but when most people ask about it, they ask as ordinary people (somewhat technically knowledgeable)
if they're completely clueless it's difficult. web wallets might be better than nothing for them (although they can't trust that stuff with real money)
oakpacific
waxwing: okay but i guess next time you can present a complete picture by mentioning the fact that it doesn't store a blockchain in any form :)
Btw if Electrum starts becoming a SPV I would consider switching
waxwing
oakpacific, it does have blockchain headers. i'm actually a bit confused about what it's storing client side.
oakpacific
waxwing: well in that case i guess it's generally OK
waxwing
somewhere i saw someone saying it's SPV, somewhere else saying not. To me the functional effect is I can't trust balances in a wallet - but ironically, that was my main complaint when i started using multibit
it was constantly failing to update to the correct balances.
oakpacific
but it's all very fuzzy, what kind of response it's going to provide under all kinds of circumstances/attacks
i did use it in the past, it has a nice Apple-ish interface pro point :)
also, almost too many features
waxwing
but since the blockchain is everywhere, one eventually stops worrying about whether one's wallet reports balances correctly. that's not the job it's doing really.
oakpacific, i still don't really understand what you meant about double spend.
oakpacific
waxwing: well double spend is essentially, you tell one person one version of the tx history, and the whole network another version
consensual ordering of txs, etc, etc
now if your connection is isolated, when you are, say, selling some goods to a person
the person can transmit a false blockchain to you, telling you that the tx paying you is confirmed
while in the blockchain "at large" nothing happens
waxwing
oakpacific, ok i'm starting to get the relevance here. if you use a P2P wallet like multibit then to defraud a merchant say, you'd need to convince them that all nodes they connect to say something
whereas with electrum you might achieve the same result with one corrupt server
bear in mind that there are tons of servers nowadays and clients usually choose randomly.
oakpacific
waxwing: well, not exactly, if you store all blockheaders (and maybe also the most recent blocks and the utxo set, i am not sure), the false chain fed to you must be able to calculate a block with a diff larger than the current largest one, which is costly
waxwing
oakpacific, ok. for confirmed txs that's true. so that's why the client stores headers :)
oakpacific
waxwing: right, as i already said above, it all depends on what you really store
which is what i am trying to find out
waxwing
oh but, i see, you'd need some kind of pruned chain.
right. it's either SPV or it isn't. i had it in my mind that it wasn't, that you just trusted the server. just never looked into it, because i never saw a reason to really trust a server.
since.. the blockchain is basically everywhere :)
oakpacific, comment on stackexchange: "to complete what you've said: Electrum client connects to multiple Electrum servers in order to retrieve block headers and find the longest chain. This way it can avoid malicious servers"
oakpacific
waxwing: okay, i take it to mean that, as long as not all of the nodes are MITMed (e.g., by the guy controlling your connection), then it's sage
safe
waxwing
oakpacific, yeah seems to imply that doesn't it.
oakpacific
bbl
waxwing
if you use ssl with electrum, i'm not sure how easy it's going to be to MITM connections to multiple servers..
oakpacific
waxwing: well, not that difficult actually, say a Starbucks router that is compromised
waxwing
oakpacific, but ssl?
oakpacific
waxwing: yeah, i didn't figure out your meaning in the first go
but on another point, the general impression seems to be that the electrum servers cannot attack you in any meaningful way
waxwing
oakpacific, right. i guess like most things, it's about understanding exactly what you're trusting it with.
waxwing: just read it. interesting but IMO too complex and I don't see much benefit from the separation of notary/arbiter. I see benefits but it also adds complexity/problems/usability issues, so not sure if it's worth the extra effort
waxwing
mkarrer, i do agree on your main point: the complexity is growing a lot in that model.
on whether it's suitable to separate notary and arbiter, i'm not decided. like you, i see pros and cons.
However I do think the 4/4/3/3/1 model is quite a good one. 8 for counterparties, 3 each for selections and 1 random as a tiebreaker.
mkarrer
comes down to the point how easy it is to set up sock puppets, then the 3 have no more value than 1. and the random 1 is the only one left which has value. i prefer to build the security on the deposit they have to pay and of a second round in doubt cases.
have to leave now...
waxwing
3 instead of 1 to get the right thresholds. e.g. buyer + all buyer's notaries is not quite enough; need at least one more to get the money (e.g. the random)
mkarrer
waxwing: yes i understand but let's assume it is easy to create fake arbiters and u create 3 sock puppets and I do the same, then we each control 7 keys. 8 are needed, so the only one which counts is the random.