From pete at petertodd.org Sat Dec 18 17:56:09 2021 From: pete at petertodd.org (Peter Todd) Date: Sat, 18 Dec 2021 12:56:09 -0500 Subject: [Lightning-dev] Payment sender authentication In-Reply-To: <CAJBJmV-DBBrHJ1Tftoua2iHvjSo22W3OjaE+kZ1aN-7Ay0u3hg@mail.gmail.com> References: <CAJBJmV-DBBrHJ1Tftoua2iHvjSo22W3OjaE+kZ1aN-7Ay0u3hg@mail.gmail.com> Message-ID: <Yb4guRJh8D0ldZfD@petertodd.org> On Fri, Dec 17, 2021 at 11:37:12AM +0100, Joost Jager wrote: > Hello list, > > In Lightning we have a great scheme to protect the identity of the sender > of a payment. This is awesome, but there are also use cases where opt-in > sender authentication is desired. Lightning already has sender authentication: you simply give someone a pre-image hash over an authenticated channel, and the fact that the payment was made means only they could have realistically made it as they were the only person who knew that pre-image hash. Going beyond that is dangerous as you're creating the ability to prove to a *third* party who made a particular payment. That raises serious problems in cases like government raids that need to be considered very carefully. -- https://petertodd.org 'peter'[:-1]@petertodd.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20211218/328206a3/attachment.sig>