public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] Electrum security model concerns
@ 2012-10-06 16:37 Gregory Maxwell
  2012-10-08 11:52 ` Mike Hearn
  2012-11-15 23:45 ` Gregory Maxwell
  0 siblings, 2 replies; 10+ messages in thread
From: Gregory Maxwell @ 2012-10-06 16:37 UTC (permalink / raw)
  To: Bitcoin Development, electrum.desktop

I'm concerned about how the particular security model of electrum is
being described; or rather— not being described.  The electrum website
appears to have no security discussion beyond platitudes like "Secure:
Your private keys are not shared with the server. You do not have to
trust the server with your money.", "No scripts: Electrum does not
download any script at runtime. A compromised server cannot compromise
your client."

Claims like "You do not have to trust the server with your money" are
factually incorrect.

What I would expect is a proper discussion, like "Understanding the
bitcoinj security model":
http://code.google.com/p/bitcoinj/wiki/SecurityModel  (which I don't
agree with completely— as it makes some claims which are known to be
false— wrt detecting double spends, but it does give a reasonable
overview),  and avoidance of broad claims which will result in
misunderstandings that result in users engaging in riskier behaviors
which they could avoid if they better understood the security of the
software they're running.



^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2012-11-16 17:44 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-10-06 16:37 [Bitcoin-development] Electrum security model concerns Gregory Maxwell
2012-10-08 11:52 ` Mike Hearn
2012-10-09  3:22   ` Gregory Maxwell
2012-10-10 11:19     ` Mike Hearn
2012-10-10 14:06       ` Gary Rowe
2012-10-10 15:23       ` Gregory Maxwell
2012-10-10 15:55         ` Mike Hearn
2012-11-15 23:45 ` Gregory Maxwell
2012-11-16 15:59   ` Mike Hearn
2012-11-16 17:44     ` Mike Hearn

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox