From 7riw77 at gmail.com Thu Jan 18 11:03:58 2018 From: 7riw77 at gmail.com (7riw77 at gmail.com) Date: Thu, 18 Jan 2018 06:03:58 -0500 Subject: [Lightning-dev] [1.1] Proposed `funding_cancelled` message In-Reply-To: References: <4lzjtI9sV6nbEzdEDLQSHYaFp-dSB9Vcxt6s1j5abYcvhIEsJblo0Oasl9yE88DhSn57kmn6eLId7WJHd32Cdu8RRT6h4aofT4tF7YJI7Zs=@protonmail.com> <5D5BBC3B-88EC-4001-AA86-D632471FBDA4@mattcorallo.com> <74vW2keQrDb8mzHL9s3crq-0VxYMoYoMpQyFiJ-lPyM6sOmLrYHIsL--_MhR1Bg0ZIzI8qUrG2TCIgt9lTbjRKv2QqSyns-V1IW4mJnhjl4=@protonmail.com> <06348FED-9F98-47F0-9477-B8F81931365A@mattcorallo.com> Message-ID: <063401d3904c$0a4ab9e0$1ee02da0$@gmail.com> > You impose this 25 channels per peer. I start opening a channel to > you. Because I did not check mempool or because my fee-estimation algo is > bad, I pay too low a fee. I become impatient and bump it up, which you > perceive as another open (so it is now 2/25 channels). It seems, to me, that this example could be pretty easily extended to 1000, or 2000, or -- pretty much anything. In fact, this brings up an important'ish point, possibly. If every channel I "try to open," and then fail to, counts as resources of any kind on the receiver, we've just added a perfect attack surface for a denial of service. However this is arranged, it needs to be arranged in a way that does not have (or at least has a minimal number of) fixed pool of resources/magic numbers of any kind that can be exhausted, after which things "no longer work." To do otherwise is to practically invite someone taking the entire network down with a well-planned/executed process that exhausts this resource across a large number of critical nodes (and there will be critical nodes -- it's just a part of graph theory that this will happen). ? /r