Published on: 2020-02-20T09:29:33+00:00
In a discussion about the limitations of libp2p in terms of security, Bastien Teinturier and Matt have pointed out that although libp2p is a versatile tool for peer-to-peer networking, it can be insecure due to offering too many options. They draw a parallel with TLS, which is also vulnerable to downgrade attacks. To address this issue, protocols like Wireguard have simplified their codebase to make auditing easier.When it comes to Lightning, the community prefers a simple transport with no configuration options, as it allows for easier implementation and testing. During the Milan meeting, they opted for a raw protocol instead of using protobufs, enabling them to specify each message down to the bit level and eliminate issues at that level. However, this decision sparked debates over endianness, resulting in some wasted time.The Lightning community has been questioned about their choice not to use existing open source technologies and standards, such as libp2p for communication or various multiformats standards for addresses, hashes, and encodings. In response, the community explains that while libp2p aims to be a versatile tool for peer-to-peer networking, it may not be the best option for security-focused use-cases. For Lightning, a very simple transport with no options is preferred. The complexity lies more in writing connection logic and peer management rather than in HTLC state machines and other aspects of Lightning. Crypto for Lightning does use the noise framework, but the resulting code is simple enough that it is feasible to write it from scratch instead of wrestling with a dependency. Additionally, incorporating simple connection logic into a Lightning implementation facilitates testing and fuzzing with the rest of the project.While building and evolving common toolkits and standards for decentralized systems could benefit the entire community, there may not be sufficient time for coordination and consensus to develop such specifications. Thus, the Lightning community opts for a simple transport and auditable dependencies in its implementation.The email author questions the fragmentation among different projects that share similarities in networking and encoding standards. They suggest utilizing existing open source technologies and standards like libp2p for communication and multiformats for addresses, hashes, and encodings. The author believes that establishing common toolkits and standards for decentralized systems, such as libp2p, multiformats, and IPLD, would be advantageous for the community as a whole. They inquire about why the Lightning community does not employ projects like libp2p and multiformats or if there was a deliberate decision to avoid using them. To provide context, the author includes links to libp2p, multiformats, and IPLD.
Updated on: 2023-07-31T22:41:27.477303+00:00