43 sats \ 7 replies \ @ek 20 Oct 2023 \ on: Large lightning vulnerability concern bitcoin
Those types of changes are the ones necessitating the utmost transparency and buy-in of the community as a whole, as we're altering the full-nodes processing requirements or the security architecture of the decentralized bitcoin ecosystem in its integrality.
On the other hand fully explaining why such changes would be warranted for the sake of lightning and for designing them well, we might need to lay out in complete state practical and critical attacks on a ~5 355 public BTC ecosystem.
Hard dillema.
Mhh, very interesting and I get the dilemma.
Can't easily convince people who support ossification like @jimmysong (/cc @nerd2ninja) (for valid reasons!) about soft forks.
But explaining in detail why we need a soft fork to fix a vulnerability effectively discloses the vulnerability before it's fixed.
write
preview
4468 sats \ 3 replies \ @petertodd 20 Oct 2023
But explaining in detail why we need a soft fork to fix a vulnerability effectively discloses the vulnerability before it's fixed.
This is one reason we have layered systems. If Lightning devs have in fact screwed up, better that Bitcoin continues operating while Lightning figures out how to fix things with full disclosure and many competent people understanding the issue.
Right now, Antoine hasn't even published an easy to read explanation of what the problem actually is. He seems to have convinced a decent number of people involved in lightning development that there is an issue. But he hasn't convinced many people who aren't intimately involved with LN/BTC development. Nor is his "we're all doomed" view on it shared widely.
Anyway, there's no way this issue actually wrecks all of Lightning. You can do routing just fine through semi-trusted node relationships. It's not as decentralized as we want. But even in the worst case a large proportion of usage of lightning will work fine.
reply
32 sats \ 1 reply \ @Wumbo 20 Oct 2023
You can do routing just fine through semi-trusted node relationships
I agree, that is what I understand from the write up (https://github.com/ariard/mempool-research/blob/2023-10-replacement-paper/replacement-cycling.pdf).
An amateur node operator (one who has not already put in place some of the mitigation options) might want to review what channels they currently have open and may not want to accept new channels. Depending on there risk profile.
reply
100 sats \ 0 replies \ @rleed 20 Oct 2023
From the very beginning, I always saw the Lightning layer as a replacement for the bank layer in the fiat system. Banks can and should have selected, trusted relationships with each other. Operating a Lightning node, I have always been frustrated with the assumption that a node operator wants to network willy nilly in a trustless world. I want to choose my channels wisely, not entirely trustlessly, and in my opinion the tooling for that is poor at present, (although admittedly I haven't spent enough time trying all available tools).
Some argue this semi-trust tends toward centralization, but the counterargument is that anyone can start up a Lightning node to fill in the gap anytime one feels like centralization is getting out of control. We still have complete freedom.
reply
10 sats \ 0 replies \ @patrick1 20 Oct 2023
This just leads to further centralization.
reply
121 sats \ 1 reply \ @nerd2ninja 20 Oct 2023
I know I was only cc'd, but I want to make it clear that I don't necessarily support ossification. I know and respect the process of upgrades, of communicating to everyone involved to get on board, and to spend years on explanations, demo's, and pentesting on test networks. I currently like CTV and APO for example.
reply
121 sats \ 0 replies \ @ek 20 Oct 2023
Oh didn't mean to make it look like that
I CC'd you because you made me aware of @jimmysong's note on nostr where he mentioned he supports ossification and you mentioned you disagreed :)
reply
0 sats \ 0 replies \ @Rsync25 20 Oct 2023
Interesting point
reply