Is mSIGNA a full validation wallet?

[gurnec]

I believe that mSIGNA is an SPV client, although it's listed (on the choose-your-wallet page) as a full validation wallet. Maybe I'm wrong, though....

Perhaps @CodeShark could clarify?

[saivann]

Like Armory, both require a local full node to work, and inherit the security of a full node. mSIGNA also lets the user configure the wallet to use a remote full node, but that isn't the default and no list is pre-populated. As far as I'm concerned, I would also be fine with giving both Armory and mSIGNA a specific score text instead of the current one to better document this.

[gurnec]

(Apologies for the delayed response.)

It seems counterintuitive that adding a small feature to mSIGNA (the ability to connect to multiple random nodes as opposed to a single statically-defined node) would actually decrease its score.

However I'm convinced that your line of reasoning is correct.

If there were any interest in a slightly more accurate score text, I'd suggest replacing the first sentence which currently reads:

This wallet is a full node that validates and relays transactions on the Bitcoin network.

With this first sentence, which would result in (the other sentences are unchanged):

This wallet requires you to install full node software alongside it that validates and relays transactions on the Bitcoin network. This means no trust in a third party is required when verifying payments. Full nodes provide the highest level of security and are essential to protecting the network. However, they require more space (over 20GB), bandwidth, and a longer initial synchronization time.

It's unfortunately a bit on the long side... I don't have any strong feelings here, so I've no problem if anyone thinks it's simply not worthwhile.

[saivann]

@gurnec Sounds good to me, agreed on keeping a good score for Armory and mSIGNA here.

How about you drop "alongside it" in your suggested text? (It fits better in the bubble this way).

This wallet requires you to install full node software that validates and relays
transactions on the Bitcoin network. This means no trust in a third party is required
when verifying payments. Full nodes provide the highest level of security and are
essential to protecting the network. However, they require more space (over 20GB),
bandwidth, and a longer initial synchronization time.

[gurnec]

@saivann I was debating how to emphasize that additional software is required, e.g. "to install additional full node software" or "requires you to also install full node software", or the first version I mentioned.

I have no strong opinions on any of them -- if you think the shorter version is best, that's fine with me.

(FWIW, all of these versions overflow to 7 lines in my Chrome/Win7, and only the shortest (your) version squeezes into 6 lines in IE11.)

[saivann]

@gurnec Isn't it mentioned in your text? "requires you to install full node software". My small suggestion (removing "alongside it") is just meant to prevent the design issue of having one word on an empty line, which isn't so good looking / readable (see below)

[gurnec]

Hmm... I'm confused now, sorry.

Were you thinking of changing checkGoodValidationFullNode? I was thinking of adding checkGoodValidationFullNodeRequired for just Armory and mSIGNA with different wording, which is why I was also trying to emphasize that those wallets require additional software to be installed along with Armory or mSIGNA.

Regardless, I'm perfectly happy with the shorter text since it seems less likely to wrap (although in my Chrome/Win7 it still does wrap):

[saivann]

I was thinking of adding checkGoodValidationFullNodeRequired for just Armory and mSIGNA with different wording.

Yes, that's also what I was understanding, that sounds good to me.

[gurnec]

I was thinking of adding checkGoodValidationFullNodeRequired for just Armory and mSIGNA with different wording.

Yes, that's also what I was understanding, that sounds good to me.

OK, thanks for clarifying. (You're screenshot threw me a bit, it looked like Bitcoin Core in the background).

[saivann]

@gurnec Ah sorry yes, I was editing the text live to create a screenshot :) I tested the short version on Chrome Linux, IE9 Win 7. Anyway, that's just a suggestion :) . Your screenshot with Chrome Win 7 doesn't look too bad to me compared to the one with just "time" on the last line.

[gurnec]

@saivann Ah, I understand now, thanks (and I agree that they both look fine).

[saivann]

@gurnec Did you plan to submit a pull request? Otherwise I can push a direct commit in the next days.

[gurnec]

@saivann For this small a change it didn't matter to me one way or the other; I have a commit ready to go so I'll go ahead and submit it.

[CodeShark]

mSIGNA is no less a full validation node than Armory - but mSIGNA also allows you to share a single full node installation across multiple devices to get full validation…and also supports SPV from an untrusted node. So mSIGNA doesn’t really require you to install full node software alongside itself…it allows you to, and assumes this as the default option.

-Eric Lombrozo

On Nov 20, 2014, at 4:41 PM, Christopher Gurnee notifications@github.com wrote:

@saivann https://github.com/saivann For this small a change it didn't matter to me one way or the other; I have a commit ready to go so I'll go ahead and submit it.

—
Reply to this email directly or view it on GitHub bitcoin#645 (comment).

[saivann]

@CodeShark Does the current version sound good enough to you? Since mSIGNA requires the user to take extra steps either ways (intalling a full node or configuring a remote node), I felt this text was OK, taking into account that we wish it to be used both on both Armory and mSIGNA while remaining short as much as possible.

[saivann]

Given the absence of response from @CodeShark, I will merge the pull request.

@CodeShark if you want to submit a change, please open a pull request in the following days otherwise current text will start being translated. Thanks!

[gurnec]

@saivann My sincere apologies, however I just noticed that the commit in my repo which you just merged was the earlier version (with the extraneous text "alongside it") which we agreed was too long. I just pushed the correct text to my repo. Please take whichever action is easiest to correct my faux pas....

[saivann]

@gurnec No problem, I just pushed your last commit. I wasn't sure if you prefered the other way and thought I had commented enough on this :) . Thanks for the update!

[CodeShark]

@saivann Technically speaking, you could use someone else's node - mSIGNA still does SPV. It would be vulnerable to SPV attacks (and particularly block withholding attacks) - and there are ways to mitigate these risks...but this is not the default use mode.

[saivann]

@CodeShark Yes, I think I understand that. I was just wondering if you had any issues with current text, which doesn't explain all details or optional features. And if so, do you have a better sugestion that would be reasonably short and would work for Armory too?

[CodeShark]

@saivann If it is to work with both mSIGNA and Armory, it's a bit tricky to find a wording that's both accurate and short since mSIGNA and Armory work so differently when it comes to network synchronization. Having said that, it doesn't really matter all that much - the typical user of mSIGNA is expected to have at least a passing familiarity with Bitcoin Core.

[saivann]

@CodeShark By default both use and inherit the security of a full node, right? This is the only outlined information here (previously it said that your wallet was a full node, I think current text at the very least is more accurate, maybe it can be improved a bit, or maybe we can consider it good enough).