|
Title: Message Post by: styx1776 on November 24, 2013, 11:08:12 PM Message
Title: Re: Electrum vs. Multibit: Network Security Post by: gmaxwell on November 24, 2013, 11:14:28 PM Worse, multibit just connects to whatever nodes are returned in a DNS query, which is easily spoofed.
If electrum really has multiple servers plus SSL authentication working now then I think its easily arguable that its security is strictly superior to multibit. Title: Re: Electrum vs. Multibit: Network Security Post by: Mike Hearn on November 24, 2013, 11:33:18 PM SSL doesn't mean a whole lot unless you're going to institute some kind of central control over who gets to run nodes. I mean, if the NSA turns up and wants to run 10,000 electrum servers, who would tell them no?
However, if Electrum is now implementing the real SPV model where it's asking a lot of different servers to give it the chain, verifying that chain, selecting the hardest one it can find etc then I agree it shouldn't have a warning anymore, although at that point I wonder why they bothered re-inventing the P2P protocol when they could have just extended it. |