Rusty Russell [ARCHIVE] on Nostr: 📅 Original date posted:2020-02-20 📝 Original message: Bastien TEINTURIER ...
📅 Original date posted:2020-02-20
📝 Original message:
Bastien TEINTURIER <bastien at acinq.fr> writes:
> Exactly what Matt said.
>
> I would also add that libp2p aims to be a kind of swiss-army knife for p2p
> networking: that's nice for many use-cases, but when security is your main
> focus, it's not.
> Look at TLS: most attacks are downgrade attacks because the protocol offers
> way too many options.
> Protocols like Wireguard have perfectly understood this. No options, not
> many configuration hooks -> small, auditable codebase.
>
> For lightning it's the same: we prefer a very simple transport that has no
> options whatsoever.
> Simple to implement, simple to test, and works great in practice.
To add to this: at Milan we chose a raw protocol instead of using
protobufs. At the time I was unsure, but being able to specify each
message down to the bit level has meant we've never really had problems
at that level.
But it did mean we wasted time arguing over endianness, etc!
Cheers,
Rusty.
📝 Original message:
Bastien TEINTURIER <bastien at acinq.fr> writes:
> Exactly what Matt said.
>
> I would also add that libp2p aims to be a kind of swiss-army knife for p2p
> networking: that's nice for many use-cases, but when security is your main
> focus, it's not.
> Look at TLS: most attacks are downgrade attacks because the protocol offers
> way too many options.
> Protocols like Wireguard have perfectly understood this. No options, not
> many configuration hooks -> small, auditable codebase.
>
> For lightning it's the same: we prefer a very simple transport that has no
> options whatsoever.
> Simple to implement, simple to test, and works great in practice.
To add to this: at Milan we chose a raw protocol instead of using
protobufs. At the time I was unsure, but being able to specify each
message down to the bit level has meant we've never really had problems
at that level.
But it did mean we wasted time arguing over endianness, etc!
Cheers,
Rusty.