From fabrice.drouin at acinq.fr  Fri Apr  1 14:57:37 2016
From: fabrice.drouin at acinq.fr (Fabrice Drouin)
Date: Fri, 1 Apr 2016 16:57:37 +0200
Subject: [Lightning-dev] Acknowledgements in BOLT #2
In-Reply-To: <CAMXsxZNvbbVMkqyhTsKXjx+W9NxAFapGegfgCCH2jiAHLr5oiA@mail.gmail.com>
References: <87poua8ayh.fsf@rustcorp.com.au>
	<CAMXsxZNvbbVMkqyhTsKXjx+W9NxAFapGegfgCCH2jiAHLr5oiA@mail.gmail.com>
Message-ID: <CAL3Hpbduih4ZoP45+hh2j_Py2wvacM+uqp6dzj+pdX1pCGk84w@mail.gmail.com>

Hello,

We've thought about it some more and it seems now that htlc ids are
indeed not enough and we do have to take the acknowledge field into
account in some cases anyway. Consider the following scenario:
A sends ADD HTLC X, ADD HTLC Y, ADD HTLC Z
B sends FAIL Y
A has not yet received this last message and sends SIG Z
B receives  SIG Z which includes (X,Y,Z) and won't match expected
signature (X,Z). B has no way to know whether A did receive the "FAIL
Y" message or not without checking the 'acknowledge' field (as
mentioned by Rusty), and might decide that SIG Z is not valid and
close the channel, when it could just ignore it and keep it open.

Cheers,

Fabrice