1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
|
Return-Path: <jlrubin@mit.edu>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id C3E13C000B;
Fri, 23 Apr 2021 15:25:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id BFD9640645;
Fri, 23 Apr 2021 15:25:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id IrnDNBPESG2V; Fri, 23 Apr 2021 15:25:34 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
by smtp2.osuosl.org (Postfix) with ESMTPS id 2A75E40640;
Fri, 23 Apr 2021 15:25:33 +0000 (UTC)
Received: from mail-il1-f174.google.com (mail-il1-f174.google.com
[209.85.166.174]) (authenticated bits=0)
(User authenticated as jlrubin@ATHENA.MIT.EDU)
by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 13NFPWrF020166
(version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT);
Fri, 23 Apr 2021 11:25:32 -0400
Received: by mail-il1-f174.google.com with SMTP id y10so279589ilv.0;
Fri, 23 Apr 2021 08:25:32 -0700 (PDT)
X-Gm-Message-State: AOAM532gu3kMVwQcAtzicaEG+TIQkFLSUQ0MAZpGkF7IHqUDsDJ715A7
OJnx/LmiUewDqaQNloAuY5JkD4m1E5ifHlhgSbk=
X-Google-Smtp-Source: ABdhPJxEl3l291GCYAfg7j160ka0fbYctkpWJkXbdKpLTIw38G0BnjrSkZIUF2pAu7Szs7CyAbpwYB0VzWLP0KofNgQ=
X-Received: by 2002:a92:6e0e:: with SMTP id j14mr3401710ilc.90.1619191531778;
Fri, 23 Apr 2021 08:25:31 -0700 (PDT)
MIME-Version: 1.0
References: <CALZpt+E_e=0rjq5_XazV_qH2h=uQrpTLbMRe2K7jVterSAr05w@mail.gmail.com>
In-Reply-To: <CALZpt+E_e=0rjq5_XazV_qH2h=uQrpTLbMRe2K7jVterSAr05w@mail.gmail.com>
From: Jeremy <jlrubin@mit.edu>
Date: Fri, 23 Apr 2021 08:25:19 -0700
X-Gmail-Original-Message-ID: <CAD5xwhjUP+=TWtJWSjwFLit7finoVOwpF8bMydOxxVeV8M9oOA@mail.gmail.com>
Message-ID: <CAD5xwhjUP+=TWtJWSjwFLit7finoVOwpF8bMydOxxVeV8M9oOA@mail.gmail.com>
To: Antoine Riard <antoine.riard@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000013385805c0a56834"
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
"lightning-dev\\\\@lists.linuxfoundation.org"
<lightning-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Lightning-dev] L2s Onchain Support IRC Workshop
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2021 15:25:35 -0000
--00000000000013385805c0a56834
Content-Type: text/plain; charset="UTF-8"
I'd be excited to join. Recommend bumping the date to mid June, if that's
ok, as many Americans will be at Bitcoin 2021.
I was thinking about reviving the sponsors proposal with a 100 block lock
on spending a sponsoring tx which would hopefully make less controversial,
this would be a great place to discuss those tradeoffs.
On Fri, Apr 23, 2021, 8:17 AM Antoine Riard <antoine.riard@gmail.com> wrote:
> Hi,
>
> During the lastest years, tx-relay and mempool acceptances rules of the
> base layer have been sources of major security and operational concerns for
> Lightning and other Bitcoin second-layers [0]. I think those areas require
> significant improvements to ease design and deployment of higher Bitcoin
> layers and I believe this opinion is shared among the L2 dev community. In
> order to make advancements, it has been discussed a few times in the last
> months to organize in-person workshops to discuss those issues with the
> presence of both L1/L2 devs to make exchange fruitful.
>
> Unfortunately, I don't think we'll be able to organize such in-person
> workshops this year (because you know travel is hard those days...) As a
> substitution, I'm proposing a series of one or more irc meetings. That
> said, this substitution has the happy benefit to gather far more folks
> interested by those issues that you can fit in a room.
>
> # Scope
>
> I would like to propose the following 4 items as topics of discussion.
>
> 1) Package relay design or another generic L2 fee-bumping primitive like
> sponsorship [0]. IMHO, this primitive should at least solve mempools spikes
> making obsolete propagation of transactions with pre-signed feerate, solve
> pinning attacks compromising Lightning/multi-party contract protocol
> safety, offer an usable and stable API to L2 software stack, stay
> compatible with miner and full-node operators incentives and obviously
> minimize CPU/memory DoS vectors.
>
> 2) Deprecation of opt-in RBF toward full-rbf. Opt-in RBF makes it trivial
> for an attacker to partition network mempools in divergent subsets and from
> then launch advanced security or privacy attacks against a Lightning node.
> Note, it might also be a concern for bandwidth bleeding attacks against L1
> nodes.
>
> 3) Guidelines about coordinated cross-layers security disclosures.
> Mitigating a security issue around tx-relay or the mempool in Core might
> have harmful implications for downstream projects. Ideally, L2 projects
> maintainers should be ready to upgrade their protocols in emergency in
> coordination with base layers developers.
>
> 4) Guidelines about L2 protocols onchain security design. Currently
> deployed like Lightning are making a bunch of assumptions on tx-relay and
> mempool acceptances rules. Those rules are non-normative, non-reliable and
> lack documentation. Further, they're devoid of tooling to enforce them at
> runtime [2]. IMHO, it could be preferable to identify a subset of them on
> which second-layers protocols can do assumptions without encroaching too
> much on nodes's policy realm or making the base layer development in those
> areas too cumbersome.
>
> I'm aware that some folks are interested in other topics such as extension
> of Core's mempools package limits or better pricing of RBF replacement. So
> l propose a 2-week concertation period to submit other topics related to
> tx-relay or mempools improvements towards L2s before to propose a finalized
> scope and agenda.
>
> # Goals
>
> 1) Reaching technical consensus.
> 2) Reaching technical consensus, before seeking community consensus as it
> likely has ecosystem-wide implications.
> 3) Establishing a security incident response policy which can be applied
> by dev teams in the future.
> 4) Establishing a philosophy design and associated documentations (BIPs,
> best practices, ...)
>
> # Timeline
>
> 2021-04-23: Start of concertation period
> 2021-05-07: End of concertation period
> 2021-05-10: Proposition of workshop agenda and schedule
> late 2021-05/2021-06: IRC meetings
>
> As the problem space is savagely wide, I've started a collection of
> documents to assist this workshop : https://github.com/ariard/L2-zoology
> Still wip, but I'll have them in a good shape at agenda publication, with
> reading suggestions and open questions to structure discussions.
> Also working on transaction pinning and mempool partitions attacks
> simulations.
>
> If L2s security/p2p/mempool is your jam, feel free to get involved :)
>
> Cheers,
> Antoine
>
> [0] For e.g see optech section on transaction pinning attacks :
> https://bitcoinops.org/en/topics/transaction-pinning/
> [1]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-September/018168.html
> [2] Lack of reference tooling make it easier to have bug slip in like
> https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html
> _______________________________________________
> Lightning-dev mailing list
> Lightning-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
>
--00000000000013385805c0a56834
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto"><div>I'd be excited to join. Recommend bumping the da=
te=C2=A0 to mid June, if that's ok, as many Americans will be at Bitcoi=
n 2021.</div><div dir=3D"auto"><br></div><div dir=3D"auto">I was thinking a=
bout reviving the sponsors proposal with a 100 block lock on spending a spo=
nsoring tx which would hopefully make less controversial, this would be a g=
reat place to discuss those tradeoffs.=C2=A0<br><br><div class=3D"gmail_quo=
te" dir=3D"auto"><div dir=3D"ltr" class=3D"gmail_attr">On Fri, Apr 23, 2021=
, 8:17 AM Antoine Riard <<a href=3D"mailto:antoine.riard@gmail.com">anto=
ine.riard@gmail.com</a>> wrote:<br></div><blockquote class=3D"gmail_quot=
e" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">=
<div dir=3D"ltr">Hi,<br><br>During the lastest years, tx-relay and mempool =
acceptances rules of the base layer have been sources of major security and=
operational concerns for Lightning and other Bitcoin second-layers [0]. I =
think those areas require significant improvements to ease design and deplo=
yment of higher Bitcoin layers and I believe this opinion is shared among t=
he L2 dev community. In order to make advancements, it has been discussed a=
few times in the last months to organize in-person workshops to discuss th=
ose issues with the presence of both L1/L2 devs to make exchange fruitful.<=
br><br>Unfortunately, I don't think we'll be able to organize such =
in-person workshops this year (because you know travel is hard those days..=
.) As a substitution, I'm proposing a series of one or more irc meeting=
s. That said, this substitution has the happy benefit to gather far more fo=
lks interested by those issues that you can fit in a room.<br><br># Scope<b=
r><br>I would like to propose the following 4 items as topics of discussion=
.<br><br>1) Package relay design or another generic L2 fee-bumping primitiv=
e like sponsorship [0]. IMHO, this primitive should at least solve mempools=
spikes making obsolete propagation of transactions with pre-signed feerate=
, solve pinning attacks compromising Lightning/multi-party contract protoco=
l safety, offer an usable and stable API to L2 software stack, stay compati=
ble with miner and full-node operators incentives and obviously minimize CP=
U/memory DoS vectors.<br><br>2) Deprecation of opt-in RBF toward full-rbf. =
Opt-in RBF makes it trivial for an attacker to partition network mempools i=
n divergent subsets and from then launch advanced security or privacy attac=
ks against a Lightning node. Note, it might also be a concern for bandwidth=
bleeding attacks against L1 nodes.<br><br>3) Guidelines about coordinated =
cross-layers security disclosures. Mitigating a security issue around tx-re=
lay or the mempool in Core might have harmful implications for downstream p=
rojects. Ideally, L2 projects maintainers should be ready to upgrade their =
protocols in emergency in coordination with base layers developers.<br><br>=
4) Guidelines about L2 protocols onchain security design. Currently deploye=
d like Lightning are making a bunch of assumptions on tx-relay and mempool =
acceptances rules. Those rules are non-normative, non-reliable and lack doc=
umentation. Further, they're devoid of tooling to enforce them at runti=
me [2]. IMHO, it could be preferable to identify a subset of them on which =
second-layers protocols can do assumptions without encroaching too much on =
nodes's policy realm or making the base layer development in those area=
s too cumbersome.<br><br>I'm aware that some folks are interested in ot=
her topics such as extension of Core's mempools package limits or bette=
r pricing of RBF replacement. So l propose a 2-week concertation period to =
submit other topics related to tx-relay or mempools improvements towards L2=
s before to propose a finalized scope and agenda.<br><br># Goals<br><br>1) =
Reaching technical consensus.<br>2) Reaching technical consensus, before se=
eking community consensus as it likely has ecosystem-wide implications.<br>=
3) Establishing a security incident response policy which can be applied by=
dev teams in the future.<br>4) Establishing a philosophy design and associ=
ated documentations (BIPs, best practices, ...)<br><br># Timeline<br><br>20=
21-04-23: Start of concertation period<br>2021-05-07: End of concertation p=
eriod<br>2021-05-10: Proposition of workshop agenda and schedule<br>late 20=
21-05/2021-06: IRC meetings<br><br>As the problem space is savagely wide, I=
've started a collection of documents to assist this workshop : <a href=
=3D"https://github.com/ariard/L2-zoology" target=3D"_blank" rel=3D"noreferr=
er">https://github.com/ariard/L2-zoology</a><br>Still wip, but I'll hav=
e them in a good shape at agenda publication, with reading suggestions and =
open questions to structure discussions.<br>Also working on transaction pin=
ning and mempool partitions attacks simulations.<br><br>If L2s security/p2p=
/mempool is your jam, feel free to get involved :)<br><br>Cheers,<br>Antoin=
e<br><br>[0] For e.g see optech section on transaction pinning attacks : <a=
href=3D"https://bitcoinops.org/en/topics/transaction-pinning/" target=3D"_=
blank" rel=3D"noreferrer">https://bitcoinops.org/en/topics/transaction-pinn=
ing/</a><br>[1] <a href=3D"https://lists.linuxfoundation.org/pipermail/bitc=
oin-dev/2020-September/018168.html" target=3D"_blank" rel=3D"noreferrer">ht=
tps://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-September/018168=
.html</a><br>[2] Lack of reference tooling make it easier to have bug slip =
in like <a href=3D"https://lists.linuxfoundation.org/pipermail/lightning-de=
v/2020-October/002858.html" target=3D"_blank" rel=3D"noreferrer">https://li=
sts.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html</a=
><br></div>
_______________________________________________<br>
Lightning-dev mailing list<br>
<a href=3D"mailto:Lightning-dev@lists.linuxfoundation.org" target=3D"_blank=
" rel=3D"noreferrer">Lightning-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev=
" rel=3D"noreferrer noreferrer" target=3D"_blank">https://lists.linuxfounda=
tion.org/mailman/listinfo/lightning-dev</a><br>
</blockquote></div></div></div>
--00000000000013385805c0a56834--
|
