[Bitcoin-development] Electrum security model concerns

Mike Hearn mike at plan99.net
Mon Oct 8 11:52:26 UTC 2012


> What I would expect is a proper discussion, like "Understanding the
> bitcoinj security model":
> http://code.google.com/p/bitcoinj/wiki/SecurityModel

That page was old, it stated that pending transactions aren't provided
to the app which hasn't been true for a long time.

I've rewritten and extended it. You may still not like what it says ;)
but it should at least be more thorough now. It also links to the ETH
paper.

Re: Electrum. In fairness the electrum page is designed for end users
and the bitcoinj page is designed for app developers. As far as I
know, there are no bitcoinj based clients that try to explain
transaction confidence to end users.

I don't think it's worth worrying about this too much right now. In
future the software end users and merchants use will diverge
significantly. At that time it'll be easier to tailor the
documentation to each user demographic. And I think Electrum type
services will go away once we do more optimizations like bloom
filtering and better peer selection logic, as the speed of SPV clients
will be comparable to Electrum/BCCAPI type clients but without the
need for a specific server operator.




More information about the bitcoin-dev mailing list