Author: Anthony Towns 2015-10-19 22:09:09
Published on: 2015-10-19T22:09:09+00:00
In an email exchange from October 2015, Mats Jerratsch and aj discussed the risks associated with IP-PubKey-Relationship in lightning nodes. Jerratsch suggested adding it to the gossip protocol. Aj agreed but mentioned the need to mitigate associated risks. The suggestion was then made to have lightning nodes run on dedicated machines and firewalled against any incoming connections. However, aj pointed out that this distinction between wallets for consumers and nodes for routing/merchants would pose a problem since lightning wallets cannot realistically run on dedicated machines/IPs. To mitigate the risks of MITM and eavesdropping, Jerratsch proposed changing the protocol such that the one initiating the connection always sends his signed pubkey object first. However, aj disagreed, stating that if Alice and Bob were being MITM'd, sending a shared secret nonce instead and then just sending signatures avoids revealing who they are while still allowing them to re-establish connection if they can actually talk.
Updated on: 2023-05-18T15:31:02.162571+00:00