From bastien at acinq.fr Mon Feb 17 17:10:21 2020 From: bastien at acinq.fr (Bastien TEINTURIER) Date: Mon, 17 Feb 2020 18:10:21 +0100 Subject: [Lightning-dev] Using libp2p as a communication protocol for Lightning In-Reply-To: <77B019C6-4C68-4505-A57C-C5387E018F0E@mattcorallo.com> References: <623aca48-9ac3-463b-94e1-10e11a3b9790@Spark> <77B019C6-4C68-4505-A57C-C5387E018F0E@mattcorallo.com> Message-ID: Exactly what Matt said. I would also add that libp2p aims to be a kind of swiss-army knife for p2p networking: that's nice for many use-cases, but when security is your main focus, it's not. Look at TLS: most attacks are downgrade attacks because the protocol offers way too many options. Protocols like Wireguard have perfectly understood this. No options, not many configuration hooks -> small, auditable codebase. For lightning it's the same: we prefer a very simple transport that has no options whatsoever. Simple to implement, simple to test, and works great in practice. Bastien Le lun. 17 f?vr. 2020 ? 18:00, Matt Corallo a ?crit : > Because writing connection logic and peer management is really not that > complicated compared to HTLC state machines and the rest of lightning. For > crypto, lighting does use the noise framework, though the resulting code is > so simple (in a good way) that its super easy to just write it yourself > instead of fighting with a dependency. > > Lastly, for self-respecting cryptocurrency developers, > not-carefully-audited dependencies are security vulnerabilities that will > expose your users? funds. By pulling simple connection logic into a > lighting implementation, it?s easier to test/fuzz/etc with the rest of a > project. > > Matt > > On Feb 17, 2020, at 06:12, Alexandr Burdiyan wrote: > > ? > Hi everyone! > > Since I recently started digging into all-things-peer-to-peer, I found > that there?s a lot of fragmentation between many different projects that > seemingly have a lot of things in common, like networking, encoding > standards, and etc. I suppose there?re lots of historical reasons for that. > > More concretely for Lightning, I wonder why it couldn?t use some existing > open source technologies and standards, like libp2p [1] for communication, > or various multiformats [2] standards for addresses, hashes and encodings? > > I do think that building and evolving common toolkits and standards for > decentralized system like libp2p, or multiformats, or IPLD [3] could be > something very useful for the whole community. Currently, it feels like > everyone wants to go so fast, so there?s no time for coordination and > consensus to build these kinds of specs. That is understandable. But I > wonder if Lightning community ever looked at projects like libp2p and > multiformats, or maybe is considering to implement them in lightning. Or > maybe there was a decision of not using them for some reason that I might > be missing. > > [1]: https://libp2p.io > [2]: https://multiformats.io > [3]: https://ipld.io > > Thanks! > > Alexandr Burdiyan > _______________________________________________ > Lightning-dev mailing list > Lightning-dev at lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev > > _______________________________________________ > Lightning-dev mailing list > Lightning-dev at lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: