From luke at dashjr.org  Mon Oct  4 15:57:13 2021
From: luke at dashjr.org (Luke Dashjr)
Date: Mon, 4 Oct 2021 15:57:13 +0000
Subject: [Lightning-dev] Full Disclosure: CVE-2021-41591/ CVE-2021-41592
	/ CVE-2021-41593 "Dust HTLC Exposure Considered Harmful"
In-Reply-To: <CALZpt+H1fH-G8Q5T2teZxYYWJRxMzeee6unuHACU3dSf1hMZag@mail.gmail.com>
References: <CALZpt+H1fH-G8Q5T2teZxYYWJRxMzeee6unuHACU3dSf1hMZag@mail.gmail.com>
Message-ID: <202110041557.13862.luke@dashjr.org>

On Monday 04 October 2021 15:09:28 Antoine Riard wrote:
> Still during August 2021, the Bitcoin Core dust limit was actively
> discussed on the mailing list. Changes of this dust limit would have
> affected the ongoing development of the mitigations.

The "dust limit" is arbitrarily decided by each node, and cannot be relied 
upon for security at all. Expecting it to be a given default value is in 
itself a security vulnerability.


P.S. It'd be nice if someone familiar with these could fill in 
https://en.bitcoin.it/wiki/CVEs