Lightning Specification Meeting 2020/10/26

[t-bast]

The meeting will take place on Monday 2020/10/26 at 7pm UTC on IRC #lightning-dev. It is open to the public.

Pull Request Review

• Clarify bolt 4 BOLT 4: link to BOLT 1 for tlv_payload format #801
• Anchor revoked to_local Require to claim revoked local output in its own penalty tx post-anchor #803
• Recent CVEs: Fail channel in case of high-S remote signature reception #807 Prevent preimage reveal collision while claiming onchain incoming HTLC #808 Make invoice's s flag mandatory ? #809
• Security advisory [WIP] Add a SECURITY.md #772

Issues

• reply_channel_range is too strict reply_channel_range is now too strict. #804

Long Term Updates

• Upfront payments / DoS protection
• Offers Offers #798
• Evaluate historical min_relay_fee to improve update_fee in anchors (@rustyrussell and @TheBlueMatt)
• Blinded paths Route Blinding (Feature 24/25) #765 (@t-bast)
• Trampoline routing Trampoline Routing #654 (@t-bast)

Backlog

The following are topics that we should discuss at some point, so if we have time to discuss them great, otherwise they slip to the next meeting.

• Hornet (@cfromknecht)
• lnprototest https://github.com/rustyrussell/lnprototest (@rustyrussell)

---

Post-Meeting notes:

Action items

• BOLT 4: link to BOLT 1 for tlv_payload format #801 @rustyrussell to try out the change and report success/failure
• Require to claim revoked local output in its own penalty tx post-anchor #803 @ariard address nits
• Fail channel in case of high-S remote signature reception #807 merge the PR and defer grouping the prescriptions to a later point in time
• Prevent preimage reveal collision while claiming onchain incoming HTLC #808 make the formulation a bit more explicit
• [WIP] Add a SECURITY.md #772 add contact details (e-mail and gpg keys) for the implementations and add details about what not to do (report CVEs via the Twitter tag #StealMyMoney)

The full logs can be found here

[ariard]

May we add #807, #808 and #809 ?

Also can we get back #772 now context which leads to its opening is public ?

[t-bast]

Added to the PR review list

[t-bast]

I just added #804 to the list as well: it may be worth re-visiting the option of adding an explicit complete boolean field to channel range queries instead of implicitly figuring out that a sync is complete.

[cdecker]

Adding the recent discussion on a simplified HTLC negotiation to address nodes drifting out of sync, and more consistent state might be a good idea. We've had quite some discussions around this lately, and I'd love to hear what others think about it.

[cdecker]

• Recent CVEs: Fail channel in case of high-S remote signature reception #807 Prevent preimage reveal collision while claiming onchain incoming HTLC #808 Make invoice's s flag mandatory ? #809

Regarding the CVEs: would it make sense to include a writeup of these in this repo, and link them into the respective places as rationaly?

[t-bast]

It's an interesting proposal, you would add a "cve" folder and have a write-up about each CVE we've found? I think it's nice, it would be easy to find