Author: Rusty Russell 2015-10-21 01:11:45
Published on: 2015-10-21T01:11:45+00:00
In a discussion on the Bitcoin Lightning Network mailing list, Rusty Russell and Mats Jerratsch discuss ways to mitigate the risks associated with lightning nodes. They suggest having dedicated machines running firewalls against any incoming connections, but Russell believes this is unrealistic for consumers' wallets compared to nodes for routing/merchants. They then discuss mitigating the risk of MITM and eavesdropping by changing the protocol so that the one initiating the connection always sends his signed pubkey object first, but Russell argues that this won't work as it's possible to MITM Alice and Bob in the middle of a connection. Instead, they agree that sending a shared secret nonce avoids revealing anything if there's a MITM, while still allowing either one to re-establish the connection if they can actually talk. The session nonce would change each time to avoid correlation. Finally, Russell suggests that "successful handshake" is a bit vague, so it may require allowing +/- 1 nonce.
Updated on: 2023-05-23T21:04:59.019344+00:00