Author: Lloyd Fournier 2021-04-27 23:36:02
Published on: 2021-04-27T23:36:02+00:00
In an email exchange between two individuals, Rusty Russell expresses his reservations about a proposed method, stating that it removes the ability to update a channel without access to the node's secret key. The proposed method involves keeping the per-channel keys in an HSM and having different keys for DH and channel updates. Russell believes that it would be a perfectly acceptable tradeoff not to use the secret key for gossip and to DH to set up a new peer connection. However, the proposed method may be desirable for those who are concerned about lost data without backups, which poses a greater risk to their funds in lightning. The proposed method also doesn't get rid of temporary_channel_id since the generation_number isn't known until both sides have sent it. This can be addressed through a workaround already in dual-funding. The sender can send an error back indicating what they are up to if they are using the wrong generation. Regarding the "gap" problem, Russell suggests that it is not a big issue as it is possible to scan over large gaps and leave the node on for days. The proposed method involving an encrypted blob served by peers offers another way to do this, although it requires the assumption that at least one peer is honest. Encrypted backups are seen as complementary to this scheme as they allow users to find a peer they have had a channel with and then find others and check against them.
Updated on: 2023-06-03T03:16:21.924837+00:00