From ZmnSCPxj at protonmail.com Sat Jan 20 04:49:03 2018 From: ZmnSCPxj at protonmail.com (ZmnSCPxj) Date: Fri, 19 Jan 2018 23:49:03 -0500 Subject: [Lightning-dev] [1.1] Proposed `funding_cancelled` message In-Reply-To: <063401d3904c$0a4ab9e0$1ee02da0$@gmail.com> References: <4lzjtI9sV6nbEzdEDLQSHYaFp-dSB9Vcxt6s1j5abYcvhIEsJblo0Oasl9yE88DhSn57kmn6eLId7WJHd32Cdu8RRT6h4aofT4tF7YJI7Zs=@protonmail.com> <5D5BBC3B-88EC-4001-AA86-D632471FBDA4@mattcorallo.com> <74vW2keQrDb8mzHL9s3crq-0VxYMoYoMpQyFiJ-lPyM6sOmLrYHIsL--_MhR1Bg0ZIzI8qUrG2TCIgt9lTbjRKv2QqSyns-V1IW4mJnhjl4=@protonmail.com> <06348FED-9F98-47F0-9477-B8F81931365A@mattcorallo.com> <063401d3904c$0a4ab9e0$1ee02da0$@gmail.com> Message-ID: As mentioned in the text, this is imposed by you on each peer that connects to you. The point is to prevent a single peer from consuming all your memory and CPU and prevent you from servicing legitimate peers- i.e. it prevents denial of service using a single peer and forces attackers to use a *distributed* denial of service. Regards, ZmnSCPxj Sent with [ProtonMail](https://protonmail.com) Secure Email. -------- Original Message -------- On January 18, 2018 7:03 PM, <7riw77 at gmail.com> wrote: > > >> You impose this 25 channels per peer. I start opening a channel to >> you. Because I did not check mempool or because my fee-estimation algo is >> bad, I pay too low a fee. I become impatient and bump it up, which you >> perceive as another open (so it is now 2/25 channels). > > It seems, to me, that this example could be pretty easily extended to 1000, or 2000, or -- pretty much anything. In fact, this brings up an important'ish point, possibly. If every channel I "try to open," and then fail to, counts as resources of any kind on the receiver, we've just added a perfect attack surface for a denial of service. However this is arranged, it needs to be arranged in a way that does not have (or at least has a minimal number of) fixed pool of resources/magic numbers of any kind that can be exhausted, after which things "no longer work." To do otherwise is to practically invite someone taking the entire network down with a well-planned/executed process that exhausts this resource across a large number of critical nodes (and there will be critical nodes -- it's just a part of graph theory that this will happen). > > ? /r -------------- next part -------------- An HTML attachment was scrubbed... URL: