Moreover, "tricking someone into a false block chain header list" requires you in any case to spend PoW on that block chain header list of the same order of magnitude than the prong you want your SPV victim to believe. If you do that, you can just as well trick a full node into your prong.
SPV clients cannot validate the rules of the network and will hence be able to be tricked into a block with valid PoW but with differing rules from the reference clients. They are hence invalid as per full nodes which validates the full block. (I'm not talking about the merkel root part but the part which you said that nobody cares about the validity of a transaction.)
Since SPV clients blindly follow the chain with the longest valid PoW, it isn't that hard to cheat a SPV client.
No, as I outlined, that is not correct. In order to trick me into believing that, you have to provide me with of course the fake transaction, but you also have to provide me with the leg of the Merkle tree that connects its root to the transaction. That Merkle root is included in the block chain header list I have.
If that header list is ending on the block chain headers that mining pools are currently mining on, then I know that that transaction is a part of the very block chain miners are mining on right now. That is exactly the same block chain that full nodes have right now also.
Again: if, of two block chains, the leading heads of the header blocks are the same, both the ENTIRE BLOCK CHAINS are identical.
No disagreements here.
So there's no such thing as a rogue SPV server, IF I can have access to the latest block headers being mined right now. And even if I cannot have access to the latest blocks being mined (and then, my full node wouldn't get access either), that "rogue SPV server" still has to spend a lot of PoW to make the false prong. He will have to spend as much PoW grossly as attacking the real chain, and for this attack to succeed, he must also ensure himself to avoid me of learning about the real chain (that may have somewhat more PoW).
Your client assumes the chain with the longest PoW as the correct chain. If this happens, isn't your SPV client vulnerable?
A full node is just as "vulnerable" to such an attack.
A full node is vulnerable to a 51% attack definitely. But isn't your point about a block which violates the protocol rules? If anything, that block isn't valid.
If I can know the latest headers, I cannot be tricked into accepting anything in the block chain that a full node that is accepting these latest headers, wouldn't have accepted either.
And that begs the question: How do you get the latest headers, with a certainty that it is valid.