BOLTs and meaning of "MUST" in potentially adversarial contexts



Summary:

In RFCs, it is useful to have a brief discussion of the meaning of terms such as MUST, SHOULD, and MAY. However, the traditional approach to protocol design assumes cooperative nodes and later tries to retrofit security when it is discovered that not all nodes are operating in good faith. The original RFC definition of MUST presumes good faith and inadvertently invites implementers to lower their guard. Integrity despite adversarial nodes, by contrast, is an explicit design goal of the Lightning Network.

When a BOLT states that a Lightning node MUST do something, a node that fails to do so should be stigmatized as "non-compliant" with the protocol consensus documented in the BOLTs whenever it is discussed. Violation of a MUST should be considered hostile, and it should encourage nodes to fail the channel or connection upon observing the violation. Implementers may also take whatever implementation-specific defensive measures they deem appropriate, provided they have cryptographic evidence that the violation is not forged. However, a MUST does not assure implementers that they may assume remote nodes will respect it: it is not the purpose of MUST to convey that cryptographic safeguards or other mechanisms elsewhere in the protocol design force adherence.

It may be worth stating this explicitly alongside the definitions of SHOULD and MAY.


Updated on: 2023-05-24T18:27:19.098914+00:00