JeremyRand
commented
4 years ago Seems like cert pinning is another example of something that could benefit from Electrum being aware of which server names are actually the same server. However, it's also conceivable that different server names would have different certs, so maybe we shouldn't try to do that.
The default server list only includes DNS domain names. This is problematic in particular for Namecoin, because Namecoin is designed to be an alternative to DNS -- Namecoin is kind of useless if it breaks whenever DNS breaks.
AFAICT the quick-and-dirty way to solve this is to also include the IP addresses of the default servers in the server list. A better solution would probably be for the server list to support listing multiple addresses for each server, so that Electrum-NMC "knows" about the pairing of domain names to IP addresses and can use that data for Sybil prevention. (But maybe it already knows this if it's looking up the IP addresses of the domain names? Does it know this if it's going over a proxy with remote DNS?)
At some point we should also raise this with upstream Electrum. It's less of a critical issue for them since they're not advertised as a DNS alternative, but still worth fixing.
(Including
.oniondefault servers would also help the situation, but is outside the scope of this issue.)