📅 Original date posted:2022-07-03
📝 Original message:
On 7/1/22 8:48 PM, Olaoluwa Osuntokun wrote:
> Hi Val,
>
> > Another huge win of backpressure is that it only needs to happen in DoS
> > situations, meaning it doesn’t have to impact users in the normal case.
>
> I agree, I think the same would apply to prepayments as well (0 or 1 msat in
> calm times). My main concern with relying _only_ on backpressure rate
> limiting is that we'd end up w/ your first scenario more often than not,
> which means routine (and more important to the network) things like fetching
> invoices becomes unreliable.
You're still thinking about this in a costing world, but this really is a networking problem, not a
costing one.
> I'm not saying we should 100% compare onion messages to Tor, but that we might
> be able to learn from what works and what isn't working for them. The systems
> aren't identical, but have some similarities.
To DoS here you have to have *very* asymmetric attack power - regular ol' invoice requests are
trivial amounts of bandwidth, like, really, really trivial. Like, 1000x less bandwidth than an
average ol' home node on a DOCSIS high-latency line with 20Mbps up has available. Closer to
1,000,000x less if we're talking about "real metal".
More importantly, Tor's current attack actually *isn't* a simple DoS attack. The attack there isn't
relevant to onion messages at all, you're just throwing up roadblocks with nonsense here.
> On the topic of parameters across the network: could we end up in a scenario
> where someone is doing like streaming payments for a live stream (or w/e),
> ends up fetching a ton of invoices (actual traffic leading to payments), but
> then ends up being erroneously rate limited by their peers? Assuming they
> have 1 or 2 channels that have now all been clamped down, is waiting N
> minutes (or w/e) their only option? If so then this might lead to their
> livestream (data being transmitted elsewhere) being shut off. Oops, they just
> missed the greatest World Cup goal in history! You had to be there, you had to
> be there, you had to *be* there...
You're basically making a "you had to have more inbound capacity" argument, which, sure, yes, you
do. Even better, though, onion messages are *cheap*, like absurdly cheap, so if you have enough
inbound capacity you're almost certain to have enough inbound *network* capacity to handle some
invoice requests, hell, they're a millionth the cost of the HTLCs you're about to receive
anyway...this argument is just nonsense.
> Another question on my mind is: if this works really well for rate limiting of
> onion messages, then why can't we use it for HTLCs as well?
We do? 400-some-odd HTLCs in flight at once is a *really* tight rate limit, even! Order of
magnitudes tighter than onion message rate limits need to be :)
Matt
Matt Corallo [ARCHIVE] /
npub1e4…jxmcu
2023-06-09 13:06:36
in reply to nevent1q…2ms9
Author Public Key
npub1e46n428mcyfwznl7nlsf6d3s7rhlwm9x3cmkuqzt3emmdpadmkaqqjxmcuPublished at
2023-06-09 13:06:36Event JSON
{
"id": "57264b7fc959b0ff0e648e5a558fbeb310f450f03228f61cdd503dfff35bfba9",
"pubkey": "cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba",
"created_at": 1686315996,
"kind": 1,
"tags": [
[
"e",
"add1c4290260e2dc63c6102c94233677cad0a1290347eea023c4a78984a8e64d",
"",
"root"
],
[
"e",
"10612da6c55b6e8dea2175bcc16a75ed16058531de86dfff2ab4e11a195d309c",
"",
"reply"
],
[
"p",
"cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba"
]
],
"content": "📅 Original date posted:2022-07-03\n📝 Original message:\nOn 7/1/22 8:48 PM, Olaoluwa Osuntokun wrote:\n\u003e Hi Val,\n\u003e \n\u003e \u003e Another huge win of backpressure is that it only needs to happen in DoS\n\u003e \u003e situations, meaning it doesn’t have to impact users in the normal case.\n\u003e \n\u003e I agree, I think the same would apply to prepayments as well (0 or 1 msat in\n\u003e calm times). My main concern with relying _only_ on backpressure rate\n\u003e limiting is that we'd end up w/ your first scenario more often than not,\n\u003e which means routine (and more important to the network) things like fetching\n\u003e invoices becomes unreliable.\n\nYou're still thinking about this in a costing world, but this really is a networking problem, not a \ncosting one.\n\n\u003e I'm not saying we should 100% compare onion messages to Tor, but that we might\n\u003e be able to learn from what works and what isn't working for them. The systems\n\u003e aren't identical, but have some similarities.\n\nTo DoS here you have to have *very* asymmetric attack power - regular ol' invoice requests are \ntrivial amounts of bandwidth, like, really, really trivial. Like, 1000x less bandwidth than an \naverage ol' home node on a DOCSIS high-latency line with 20Mbps up has available. Closer to \n1,000,000x less if we're talking about \"real metal\".\n\nMore importantly, Tor's current attack actually *isn't* a simple DoS attack. The attack there isn't \nrelevant to onion messages at all, you're just throwing up roadblocks with nonsense here.\n\n\n\u003e On the topic of parameters across the network: could we end up in a scenario\n\u003e where someone is doing like streaming payments for a live stream (or w/e),\n\u003e ends up fetching a ton of invoices (actual traffic leading to payments), but\n\u003e then ends up being erroneously rate limited by their peers? Assuming they\n\u003e have 1 or 2 channels that have now all been clamped down, is waiting N\n\u003e minutes (or w/e) their only option? If so then this might lead to their\n\u003e livestream (data being transmitted elsewhere) being shut off. Oops, they just\n\u003e missed the greatest World Cup goal in history! You had to be there, you had to\n\u003e be there, you had to *be* there...\n\nYou're basically making a \"you had to have more inbound capacity\" argument, which, sure, yes, you \ndo. Even better, though, onion messages are *cheap*, like absurdly cheap, so if you have enough \ninbound capacity you're almost certain to have enough inbound *network* capacity to handle some \ninvoice requests, hell, they're a millionth the cost of the HTLCs you're about to receive \nanyway...this argument is just nonsense.\n\n\n\u003e Another question on my mind is: if this works really well for rate limiting of\n\u003e onion messages, then why can't we use it for HTLCs as well?\n\nWe do? 400-some-odd HTLCs in flight at once is a *really* tight rate limit, even! Order of \nmagnitudes tighter than onion message rate limits need to be :)\n\nMatt",
"sig": "f0b41d540aedfa1ce6b93de4f0a0044639571c4c0dd338cb304ecdf41d5ab5aaa85cecd8e09422349b4f5e08604d4150eeceb9825b0b8e49dbf0be99738dc965"
}