185 sats \ 1 reply \ @TonyGiorgio 14 Dec 2023 \ on: Two Lightning Attacks Analyzed: A Response to John Light bitcoin
I agree with most of your assessment, good write up.
The main problem though is there's a difference between trust and custodial and you use them interchangeably.
Lightning is trusted in certain ways, but it does not make it custodial. Trust is all around us. I trust my counterparties to not go offline, otherwise I wasted channel fees on them. It does not make them a custodian.
I also trust them to not attempt to do a F&L on me, and part of that trust is assuming my node is not cost worthy to attack. That attack costs more than my node is worth. I also know most of my channel partners.
I also trust that bitcoin's censorship resistant property holds up rather well and that sustaining a 51% is highly unlikely (we all trust that, otherwise none of us would be here).
I'll take this time to share one of the essays from @wefofficial : https://trustisascalingsolution.com/trusted-third-parties
None of these imply custodianship, but trust is a real part of that. It's fair to call something TTP but not custodial. But I agree he's bringing up highly unlikely attacks to promote whatever his thing is. Which I still don't know because he spent most of the article talking about hypothetical LN attacks.
I agree with most of your assessment, good write up.
Ty
The main problem though is there's a difference between trust and custodial and you use them interchangeably.
They are sometimes interchangeable. When you're trusting someone with your money it's custodial. When you're trusting them with something else, it probably isn't, but I haven't thought of everything and there are probably exceptions.
Lightning is trusted in certain ways, but it does not make it custodial
Agreed, e.g. you trust people not to make you pay miners a bunch of money in force closure fees, but you're not trusting them with your money -- because they don't have your money
I also trust them to not attempt to do a F&L on me
You don't need to because you can foil the attack through automated software (not sure if any is written though)
It's fair to call something TTP but not custodial
Sometimes, yes. But if the TTP can hit the "send" button without your consent, and you're simply trusting them not to do that, that's custody
reply