📅 Original date posted:2020-10-14
📝 Original message:
Hey laolu,
I think this fits in nicely with the "parameter re-negotiation" portion of
> my
> loose Dynamic commitments proposal.
Yes, maybe it's better to not offer two mechanisms and wait for dynamic
commitments to offer that
flexibility.
Instead, you may
> want to only allow them to utilize say 10% of the available HTLC bandwidth,
> slowly increasing based on successful payments, and drastically
> (multiplicatively) decreasing when you encounter very long lived HTLCs, or
> an excessive number of failures.
Exactly, that's the kind of heuristic I had in mind. Peers need to slowly
build trust before you
give them access to more resources.
This is
> possible to some degree today (by using an implicit value lower than
> the negotiated values), but the implicit route doesn't give the other party
> any information
Agreed, it's easy to implement locally but it's not going to be very nice
to your peer, who has
no way of knowing why you're rejecting HTLCs and may end up closing the
channel because it sees
weird behavior. That's why we need to offer an explicit re-negotiation of
these parameters, let's
keep this use-case in mind when designing dynamic commitments!
Cheers,
Bastien
Le lun. 12 oct. 2020 à 20:59, Olaoluwa Osuntokun <laolu32 at gmail.com> a
écrit :
>
> > I suggest adding tlv records in `commitment_signed` to tell our channel >
> > peer that we're changing the values of these fields.
>
> I think this fits in nicely with the "parameter re-negotiation" portion of
> my
> loose Dynamic commitments proposal. Note that in that paradigm, something
> like this would be a distinct message, and also only be allowed with a
> "clean commitment" (as otherwise what if I reduce the number of slots to a
> value that is lower than the number of active slots?). With this, both
> sides
> would be able to propose/accept/deny updates to the flow control parameters
> that can be used to either increase the security of a channel, or implement
> a sort of "slow start" protocol for any new peers that connect to you.
>
> Similar to congestion window expansion/contraction in TCP, when a new peer
> connects to you, you likely don't want to allow them to be able to consume
> all the newly allocated bandwidth in an outgoing direction. Instead, you
> may
> want to only allow them to utilize say 10% of the available HTLC bandwidth,
> slowly increasing based on successful payments, and drastically
> (multiplicatively) decreasing when you encounter very long lived HTLCs, or
> an excessive number of failures.
>
> A dynamic HTLC bandwidth allocation mechanism would serve to mitigate
> several classes of attacks (supplementing any mitigations by "channel
> acceptor" hooks), and also give forwarding nodes more _control_ of exactly
> how their allocated bandwidth is utilized by all connected peers. This is
> possible to some degree today (by using an implicit value lower than
> the negotiated values), but the implicit route doesn't give the other party
> any information, and may end up in weird re-send loops (as they _why_ an
> HTLC was rejected) wasn't communicated. Also if you end up in a half-sign
> state, since we don't have any sort of "unadd", then the channel may end up
> borked if the violating party keeps retransmitting the same update upon
> reconnection.
>
> > Are there other fields you think would need to become dynamic as well?
>
> One other value that IMO should be dynamic to protect against future
> unexpected events is the dust limit. "It Is Known", that this value
> "doesn't
> really change", but we should be able to upgrade _all_ channels on the fly
> if it does for w/e reason.
>
> -- Laolu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20201014/87b3dc5d/attachment.html>;
Bastien TEINTURIER [ARCHIVE] /
npub17f…ntr0s
2023-06-09 13:00:58
in reply to nevent1q…q356
Author Public Key
npub17fjkngg0s0mfx4uhhz6n4puhflwvrhn2h5c78vdr5xda4mvqx89swntr0sPublished at
2023-06-09 13:00:58Event JSON
{
"id": "0f1fabfdb0b4debd2b9975b92618233f40bc3cb699e4f91a0f765750b05432e1",
"pubkey": "f26569a10f83f6935797b8b53a87974fdcc1de6abd31e3b1a3a19bdaed8031cb",
"created_at": 1686315658,
"kind": 1,
"tags": [
[
"e",
"bf5d675863f97a951d35eeee3ef3828dfc349552a8c3471bf6b8f80c10432a22",
"",
"root"
],
[
"e",
"729bfbcf507aed6f7f78cba733329075e80a174b4f9938cb5d89980f78c83999",
"",
"reply"
],
[
"p",
"2df3fc2660459521b852c995d4fc1a93938389a5e085677d0ebb33ef92cc5476"
]
],
"content": "📅 Original date posted:2020-10-14\n📝 Original message:\nHey laolu,\n\nI think this fits in nicely with the \"parameter re-negotiation\" portion of\n\u003e my\n\u003e loose Dynamic commitments proposal.\n\n\nYes, maybe it's better to not offer two mechanisms and wait for dynamic\ncommitments to offer that\nflexibility.\n\nInstead, you may\n\u003e want to only allow them to utilize say 10% of the available HTLC bandwidth,\n\u003e slowly increasing based on successful payments, and drastically\n\u003e (multiplicatively) decreasing when you encounter very long lived HTLCs, or\n\u003e an excessive number of failures.\n\n\nExactly, that's the kind of heuristic I had in mind. Peers need to slowly\nbuild trust before you\ngive them access to more resources.\n\nThis is\n\u003e possible to some degree today (by using an implicit value lower than\n\u003e the negotiated values), but the implicit route doesn't give the other party\n\u003e any information\n\n\nAgreed, it's easy to implement locally but it's not going to be very nice\nto your peer, who has\nno way of knowing why you're rejecting HTLCs and may end up closing the\nchannel because it sees\nweird behavior. That's why we need to offer an explicit re-negotiation of\nthese parameters, let's\nkeep this use-case in mind when designing dynamic commitments!\n\nCheers,\nBastien\n\nLe lun. 12 oct. 2020 à 20:59, Olaoluwa Osuntokun \u003claolu32 at gmail.com\u003e a\nécrit :\n\n\u003e\n\u003e \u003e I suggest adding tlv records in `commitment_signed` to tell our channel \u003e\n\u003e \u003e peer that we're changing the values of these fields.\n\u003e\n\u003e I think this fits in nicely with the \"parameter re-negotiation\" portion of\n\u003e my\n\u003e loose Dynamic commitments proposal. Note that in that paradigm, something\n\u003e like this would be a distinct message, and also only be allowed with a\n\u003e \"clean commitment\" (as otherwise what if I reduce the number of slots to a\n\u003e value that is lower than the number of active slots?). With this, both\n\u003e sides\n\u003e would be able to propose/accept/deny updates to the flow control parameters\n\u003e that can be used to either increase the security of a channel, or implement\n\u003e a sort of \"slow start\" protocol for any new peers that connect to you.\n\u003e\n\u003e Similar to congestion window expansion/contraction in TCP, when a new peer\n\u003e connects to you, you likely don't want to allow them to be able to consume\n\u003e all the newly allocated bandwidth in an outgoing direction. Instead, you\n\u003e may\n\u003e want to only allow them to utilize say 10% of the available HTLC bandwidth,\n\u003e slowly increasing based on successful payments, and drastically\n\u003e (multiplicatively) decreasing when you encounter very long lived HTLCs, or\n\u003e an excessive number of failures.\n\u003e\n\u003e A dynamic HTLC bandwidth allocation mechanism would serve to mitigate\n\u003e several classes of attacks (supplementing any mitigations by \"channel\n\u003e acceptor\" hooks), and also give forwarding nodes more _control_ of exactly\n\u003e how their allocated bandwidth is utilized by all connected peers. This is\n\u003e possible to some degree today (by using an implicit value lower than\n\u003e the negotiated values), but the implicit route doesn't give the other party\n\u003e any information, and may end up in weird re-send loops (as they _why_ an\n\u003e HTLC was rejected) wasn't communicated. Also if you end up in a half-sign\n\u003e state, since we don't have any sort of \"unadd\", then the channel may end up\n\u003e borked if the violating party keeps retransmitting the same update upon\n\u003e reconnection.\n\u003e\n\u003e \u003e Are there other fields you think would need to become dynamic as well?\n\u003e\n\u003e One other value that IMO should be dynamic to protect against future\n\u003e unexpected events is the dust limit. \"It Is Known\", that this value\n\u003e \"doesn't\n\u003e really change\", but we should be able to upgrade _all_ channels on the fly\n\u003e if it does for w/e reason.\n\u003e\n\u003e -- Laolu\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20201014/87b3dc5d/attachment.html\u003e",
"sig": "7dc86343cc090ec5cc92904cdeb976aeff316a334dad6ca222f285dee80cf3872e9ea4fa543cf1d57abfa4f8b44b8b194b958be35566d7ec6722460ee5156bf5"
}