Proposal: Add support for proxying p2p connections to/from LND



Summary:

The New York Digital Investment Group (NYDIG) is exploring ways to strengthen large LND deployments. Currently, LND must verify the identity of external untrusted peers during the noise handshake before it can enforce any key-based allow list. That verification runs in the same process as the node's other critical tasks, such as monitoring the chain. To reduce the attack surface of the main node process, NYDIG proposes moving peer communication into a separate proxy process, isolated from the node's critical tasks. The peer connections would be multiplexed over a single network connection initiated from the node to the proxy. The core idea is demonstrated in a draft PR on GitHub. Alex Akselrod seeks early feedback on the direction of this proposal and plans to build it into a fully working feature if it proves interesting.
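To make the multiplexing idea concrete, here is an added example in Go (the language LND is written in) that is not code from the proposal, the draft PR, or LND itself. It assumes a framing format of its own design: each frame on the single node-to-proxy connection carries a 4-byte stream ID naming the peer connection and a 4-byte payload length, and the node side demultiplexes frames back into per-peer byte sequences. The `maxPayload` cap is the kind of check the node-side reader needs, since a length field supplied from the untrusted side must be validated before any allocation happens in the node process. The noise handshake and allow-list enforcement are out of scope here.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// Wire format (assumed for this example, not the draft PR's): an 8-byte
// header of big-endian stream ID (4 bytes) and payload length (4 bytes),
// followed by the payload bytes.
const (
	headerLen  = 8
	maxPayload = 65535 // hard cap so a declared length cannot force an unbounded allocation
)

// Frame is one unit carried on the shared node<->proxy connection.
type Frame struct {
	StreamID uint32 // which peer connection the payload belongs to
	Payload  []byte
}

// WriteFrame serialises f onto the shared transport.
func WriteFrame(w io.Writer, f Frame) error {
	if len(f.Payload) > maxPayload {
		return fmt.Errorf("payload of %d bytes exceeds cap %d", len(f.Payload), maxPayload)
	}
	hdr := make([]byte, headerLen)
	binary.BigEndian.PutUint32(hdr[0:4], f.StreamID)
	binary.BigEndian.PutUint32(hdr[4:8], uint32(len(f.Payload)))
	if _, err := w.Write(hdr); err != nil {
		return err
	}
	_, err := w.Write(f.Payload)
	return err
}

// ReadFrame parses one frame, validating the declared length before allocating.
func ReadFrame(r io.Reader) (Frame, error) {
	hdr := make([]byte, headerLen)
	if _, err := io.ReadFull(r, hdr); err != nil {
		// io.EOF at a frame boundary, io.ErrUnexpectedEOF if cut off mid-header.
		return Frame{}, err
	}
	id := binary.BigEndian.Uint32(hdr[0:4])
	n := binary.BigEndian.Uint32(hdr[4:8])
	if n > maxPayload {
		return Frame{}, fmt.Errorf("stream %d: declared length %d exceeds cap %d", id, n, maxPayload)
	}
	payload := make([]byte, n)
	if _, err := io.ReadFull(r, payload); err != nil {
		return Frame{}, err
	}
	return Frame{StreamID: id, Payload: payload}, nil
}

// Demux reads frames until a clean EOF and groups payloads per stream in arrival order.
func Demux(r io.Reader) (map[uint32][][]byte, error) {
	streams := make(map[uint32][][]byte)
	for {
		f, err := ReadFrame(r)
		if err == io.EOF {
			return streams, nil
		}
		if err != nil {
			return nil, err
		}
		streams[f.StreamID] = append(streams[f.StreamID], f.Payload)
	}
}

func main() {
	// Constructed sample: the proxy interleaves bytes from two peers onto one connection.
	var transport bytes.Buffer
	frames := []Frame{
		{StreamID: 1, Payload: []byte("peer-1 bytes")},
		{StreamID: 2, Payload: []byte("peer-2 bytes")},
		{StreamID: 1, Payload: []byte("more from peer-1")},
	}
	for _, f := range frames {
		if err := WriteFrame(&transport, f); err != nil {
			panic(err)
		}
	}
	// Node side splits the single byte stream back into per-peer sequences.
	streams, err := Demux(&transport)
	if err != nil {
		panic(err)
	}
	for id, chunks := range streams {
		for _, c := range chunks {
			fmt.Printf("stream %d: %q\n", id, c)
		}
	}
}
```

In a real deployment the `bytes.Buffer` would be the single TCP connection the node opens to the proxy, and the per-stream slices would feed the node's existing per-peer handling; the point of the example is that the node process only ever parses this fixed, bounded framing, while the proxy deals with arbitrary external peers.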


Updated on: 2023-06-03T09:44:23.449494+00:00