Author: Olaoluwa Osuntokun 2022-09-02 00:37:14
Published on: 2022-09-02T00:37:14+00:00
In a message sent to the Lightning-dev mailing list, Alex Akselrod from NYDIG discussed their current project to harden large LND deployments. Currently, when untrusted peers make inbound connections, LND must verify the peer's identity during the Noise handshake before it can enforce any key-based allow list. To reduce the attack surface of the main node process, they propose optionally moving peer communication into a separate process, similar to CLN's connectd. The peer connections would be multiplexed over a single network connection initiated from the node to the proxy. The core of the idea is demonstrated in a draft PR on GitHub. Alex requested early feedback on the general direction of the proposed solution and stated that, if it was of interest, he would build it out into a fully working feature.

Laolu, another member of the mailing list, shared some thoughts on the project in a comment on the draft PR and suggested moving the discussion to the lnd mailing list or to the issue, since it is more specific to LND. Laolu also mentioned that the lnd mailing list is probably a better place for lnd architecture-specific proposals and discussions.
Updated on: 2023-06-03T09:44:46.643374+00:00