📅 Original date posted:2018-10-31
📝 Original message:
Gert-Jaap Glasbergen <gertjaap at gertjaap.nl> writes:
> As for htlc_minimum_msat I would not feel good about it being dropped.
> It is the only protection measure I saw in the standard against
> producing trimmed HTLCs. In my view the safe default is to set it above
> the dust limit to avoid it to get trimmed, and effectively end up
> routing trusted in-flight payment, that can't be enforced on-chain.
BTW, that problem is more subtle: non-dust outputs can still be
uneconomic to collect. Ideally our definition of "dust" should vary
with fees, which makes this "I don't want dust" awkward.
> There might be reasons to define this differently per client as per
> everyone's own views, but I don't think it is a good idea to remove
> this behavior negotiation entirely, because it would effectively force
> any client to accept HTLCs of any minimum size.
Only incoming HTLCs. You can always refuse to create outgoing HTLCs;
this parameter only limits what the peer can offer you. I don't *think*
there's any danger in accepting a tiny HTLC, which you'll immediately
fail.
> As for minimum_depth, I think this default should be chain-dependant.
> Given the standard describes the possibility to use different chains,
> limiting this to a fixed number in the standard seems like a risky
> choice. Given that it's optional that would mean anyone that wants to
> enforce a higher value would just stop supplying the field.
Agreed: I was assuming bitcoin. The spec assumes bitcoin in several
places because nobody else has done the work, though we leave it open.
We should specify it by chain.
> Would it be something to consider? Given the fact that any part below
> 1000 msat cannot be enforced on-chain, I would prefer giving users the
> ability to opt out of that. There currently is none.
>
> So, either a transaction_min_msat_multiple (set to 1000 for only
> accepting whole satoshis) or accept_subsatoshi (1/0). The latter seems
> more useful since you probably wouldn't give the former any other value
> than either 1 or 1000.
I believe this would render you inoperable in practice; fees are
frequently sub-satoshi, so you would fail everything. The entire
network would have to drop millisatoshis, and the bitcoin maximalist in
me thinks that's unwise :)
On-chain enforcement is not a panacea. We could do probabilistic
payments but they can still be gamed as you can just retry until you get
the desired skew :( In practice, bitcoin charges enough that playing
such games cannot win.
Thanks,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:51:56
in reply to nevent1q…x4tx
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:51:56Event JSON
{
"id": "861ebd2bce6e10619e4bc09e9f869f713787d6339cf371a7493dd6d5b577646e",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686315116,
"kind": 1,
"tags": [
[
"e",
"c9cdd9e4a2595ac262f22b0a0d9db9260e1433c3622d0a4a06a29ae0cf8c9eea",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📅 Original date posted:2018-10-31\n📝 Original message:\nGert-Jaap Glasbergen \u003cgertjaap at gertjaap.nl\u003e writes:\n\u003e As for htlc_minimum_msat I would not feel good about it being dropped.\n\u003e It is the only protection measure I saw in the standard against\n\u003e producing trimmed HTLCs. In my view the safe default is to set it above\n\u003e the dust limit to avoid it to get trimmed, and effectively end up\n\u003e routing trusted in-flight payment, that can't be enforced on-chain. \n\nBTW, that problem is more subtle: non-dust outputs can still be\nuneconomic to collect. Ideally our definition of \"dust\" should vary\nwith fees, which makes this \"I don't want dust\" awkward.\n\n\u003e There might be reasons to define this differently per client as per\n\u003e everyone's own views, but I don't think it is a good idea to remove\n\u003e this behavior negotiation entirely, because it would effectively force\n\u003e any client to accept HTLCs of any minimum size.\n\nOnly incoming HTLCs. You can always refuse to create outgoing HTLCs;\nthis parameter only limits what the peer can offer you. I don't *think*\nthere's any danger in accepting a tiny HTLC, which you'll immediately\nfail.\n\n\u003e As for minimum_depth, I think this default should be chain-dependant.\n\u003e Given the standard describes the possibility to use different chains,\n\u003e limiting this to a fixed number in the standard seems like a risky\n\u003e choice. Given that it's optional that would mean anyone that wants to\n\u003e enforce a higher value would just stop supplying the field.\n\nAgreed: I was assuming bitcoin. The spec assumes bitcoin in several\nplaces because nobody else has done the work, though we leave it open.\nWe should specify it by chain.\n\n\u003e Would it be something to consider? Given the fact that any part below\n\u003e 1000 msat cannot be enforced on-chain, I would prefer giving users the\n\u003e ability to opt out of that. There currently is none.\n\u003e\n\u003e So, either a transaction_min_msat_multiple (set to 1000 for only\n\u003e accepting whole satoshis) or accept_subsatoshi (1/0). The latter seems\n\u003e more useful since you probably wouldn't give the former any other value\n\u003e than either 1 or 1000.\n\nI believe this would render you inoperable in practice; fees are\nfrequently sub-satoshi, so you would fail everything. The entire\nnetwork would have to drop millisatoshis, and the bitcoin maximalist in\nme thinks that's unwise :)\n\nOn-chain enforcement is not a panacea. We could do probabilistic\npayments but they can still be gamed as you can just retry until you get\nthe desired skew :( In practice, bitcoin charges enough that playing\nsuch games cannot win.\n\nThanks,\nRusty.",
"sig": "b2f221c2251e1e4852f144eff6065a4a178a7d0f89288d6f19c4bac868269ba20576f671e9504a96c1ad52accf66700b87d611c71b9da45db217b5bc8f4d991c"
}