Author: Rusty Russell 2018-11-05 01:38:14
Published on: 2018-11-05T01:38:14+00:00
In a discussion on the Lightning-dev mailing list, user ZmnSCPxj suggests that in the payer-supplied data case, 'm' should include a signature for a key only the payer knows, which would allow them to prove they made the payment. Another user, aj, argues that this is unnecessary and that as long as there was a payment for delivery of the widget to "aj" in "Australia," it does not matter how the payment was technically made. However, ZmnSCPxj points out that vendors often do not need to know any information about their customers. He also highlights the issue of sock puppetry, where someone else could claim to be the person who made the payment. Technically speaking, all AJ in Australia needs to show is that he or she knows the private key behind the public key indicated on the invoice. Before payment, only the payee knows this private key. After payment, both AJ in Australia and the payee know this key. However, Rusty questions whether the merchant (payee) could also produce this proof, and jokingly refers to the "lizard masters" at Blockstream being able to do so.
Updated on: 2023-05-25T15:08:15.654845+00:00