Author: CJP 2019-01-02 21:06:49
Published on: 2019-01-02T21:06:49+00:00
The discussion takes place in a mailing list where the writer ZmnSCPxj is discussing whether leaving a small security hole unpatched would be better than replacing it with a trusted third party. To support the argument, ZmnSCPxj compares SSH's non-authenticated initial key exchange problem, which is small, and SSL's problem of using trusted third parties for key authentication, which is big. The writer believes that Route Makers are not a big problem since they are fungible towards each other, and a single attack by a Route Maker is typically not a big deal. False positives are possible, so a Route Maker might get suspended after abuse detection for some time. ZmnSCPxj suggests a different routing from S to RM, one that reveals nodes' distance to RM but not to S, to ensure that RM behaves honestly. The just-before-last node can monitor the time that RM pulls the HTLC, and then provide proof that RM had the ability to pull the HTLC but did not do so. However, another writer named CJP points out that this proposal sounds like a lot of trouble, while it hardly solves anything. RM can control all nodes that can possibly fulfill the 'G' role, and thereby stop any evidence being generated against the RM node. CJP prefers that each layer solves its own problems in a clean and elegant way, without involving every single Lightning node recursively.
Updated on: 2023-06-02T16:19:35.816720+00:00