📅 Original date posted:2021-12-20
📝 Original message:
On Mon, Dec 20, 2021 at 09:01:37AM +0100, Joost Jager wrote:
> On Sat, Dec 18, 2021 at 6:56 PM Peter Todd <pete at petertodd.org> wrote:
>
> > Lightning already has sender authentication: you simply give someone a
> > pre-image hash over an authenticated channel, and the fact that the
> > payment was
> > made means only they could have realistically made it as they were the only
> > person who knew that pre-image hash.
> >
>
> This sounds quite similar to what is described above in lnurl-18. I can see
> that that works, but I should have added that I was looking for a solution
> that exists completely within the protocol without using an additional
> channel. Also, routing nodes learn the preimage hash too, so the sender
> isn't the only person. But that is solved by the payment secret that is
> also part of the invoice.
The key thing is the invoice has to get to the sender somehow in the first
place. So I don't think there's any reason to use the lightning protocol itself
for additional authentication.
> > Going beyond that is dangerous as you're creating the ability to prove to a
> > *third* party who made a particular payment. That raises serious problems
> > in
> > cases like government raids that need to be considered very carefully.
>
>
> This is why I proposed to use diffie-hellman to generate a shared secret.
> The receiver could then have made up all the proofs themselves and are
> therefore of no value to a third party.
The purpose of diffie-hellman is to generate a shared secret in the absense of
a secure channel. Once you have a secure channel there's no reason to use it.
Simply giving the sender the payment info is sufficient.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20211220/3d42edd8/attachment.sig>