From dave at dtrt.org Mon Jul 8 09:20:47 2019 From: dave at dtrt.org (David A. Harding) Date: Mon, 8 Jul 2019 05:20:47 -0400 Subject: [Lightning-dev] Proposal: Lightning Pre-Image Encryption Standard In-Reply-To: References: <6PgxMyjEYZud19u1UhWKlsIFv5Ot4za74OMjq9WmavgvRrD14PhHcwDNEh8OKFuZHY7DluUhnFxPK09rMJznsD_dINcnjp9c9Z2A5Xr7s4A=@protonmail.com> Message-ID: <20190708092047.h6rbixemu5iv7dr2@ganymede> On Fri, Jul 05, 2019 at 03:36:37AM +0000, ZmnSCPxj via Lightning-dev wrote: > A client can easily DoS the server by requesting and requesting (thus > convincing the server to encrypt and send data immediately) and never > paying. Is this an actual concern? Assuming this protocol is used with web apps for sites that are available over HTTPS, the client can just request the order form page over and over to also waste server CPU encrypting and bandwidth transfering (or they could use more clever ways to abuse TLS). For the case of a downloaded file, the server can encrypt immediately before it puts data in the TCP queue so that, if the socket blocks (because the client isn't downloading), it only wasted CPU encrypting a few more blocks than were actually delivered. -Dave