Skip to content

bLIP-52/LSPS2 service: Fully implement client-trusts-LSP flow #479

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tnull opened this issue Mar 3, 2025 · 3 comments
Open

bLIP-52/LSPS2 service: Fully implement client-trusts-LSP flow #479

tnull opened this issue Mar 3, 2025 · 3 comments

Comments

@tnull
Copy link
Collaborator

tnull commented Mar 3, 2025

In #420 we added initial support for acting as an bLIP-52/LSPS2 service.

Currently, we simply hope the client will claim the HTLC after we opened this channel. To avoid potentially having the LSP being the target of griefing attacks, we should implement the full 'client-trusts-LSP' flow, i.e., only broadcast the funding transaction once the client claimed the payment.

@MegalithicBTC
Copy link

Please tell me if I am wrong, but my understanding is that the only safe way to run LSPS2 (from the LSP side), would be in this "client-trusts-LSP" flow. My research on this led me to believe that, to guard against probing, as well as actual malicious attacks, the LSP must delay publishing the opening transaction until the payment is settled. I had some comments on this here: lightningnetwork/lnd#8882 (comment)

So I think that implementing an LSP for LDK clients (at least on our end) might need to wait on the "client-trusts-LSP" flow. If I'm wrong, please advise.

@tnull
Copy link
Collaborator Author

tnull commented Apr 18, 2025

My research on this led me to believe that, to guard against probing, as well as actual malicious attacks, the LSP must delay publishing the opening transaction until the payment is settled.

Yes, it is true that to properly guard against this kind of behavior, you'll have to defer publishing the funding transaction, which is exactly what this issue is about.

So I think that implementing an LSP for LDK clients (at least on our end) might need to wait on the "client-trusts-LSP" flow. If I'm wrong, please advise.

That's fair and not wrong, though note that different LSPs might have different risk tolerances and different scenarios in mind. Some might be fine with not doing that for the time being, as long as they don't see no actual attacks happen etc.

@MegalithicBTC
Copy link

Great, thanks for the clarification. On our end, the main reason we need to test closely with an LDK client is because we're going to need to implement custom behavior in LND for "delay publishing the opening transaction until the payment is settled"... and since this is nonstandard in LND... we need to REALLY be sure this works perfectly and test it under various conditions... so it seems prudent to hold off on starting this testing with LDK until this issue is closed....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants