Joost Jager [ARCHIVE] on Nostr:
📅 Original date posted:2022-07-04
📝 Original message:
> > isn't it the case that it is always possible to DoS your peer by just
> > rejecting any forward that comes in from them?
>
> Yes, this is a good point. But there is a difference though. If you do that
> with inbound fees, the "malicious" peer is able to prevent _everyone_ from
> even trying to route through you (because it's advertised).

If I understand it correctly, we're talking about nodes A and B, where B is
malicious and sets a high inbound fee on the A-B channel?

I'd think that for the network, it's actually better if B advertises their
high inbound fee and nobody even tries that route, instead of everyone
trying and having to wait for a failure because B drops packets?

> Whereas if they selectively fail HTLCs you forward to them, only the payer
> for that HTLC knows about it, and they can attribute the failure to the
> malicious node, not to you.

Isn't the same true for a high inbound fee set by B? This would make it
clear to everyone that B is the node that makes the A-B channel too
expensive to be useful?

> Of course, that malicious node could also withhold the HTLC or return a
> malformed error, but unfortunately we cannot easily protect against this.
> My point is that this is bad behavior, and we shouldn't be giving more
> tools for nodes to misbehave, and inbound fees are a very powerful tool
> to help misbehaving nodes.

I fundamentally disagree with not giving nodes tools to misbehave. To me
this indicates that the system is fragile. I'd actually rather go the
opposite way: give them tools and show that the system is unaffected.

But on the point of DoS'ing a particular node: I think there are so many
ways to do this already, that inbound fees probably won't be the tool of
choice even if it was available.

> > Or indirectly affecting them negatively by setting high fees on all
> > outbound channels?
>
> This case is completely different, because the "malicious" node can't
> selectively advertise that, it will affect traffic coming from all of
> their peers so they would really be shooting themselves in the foot if
> they did that.

It's different, but in my view not completely different. If a routing node
all of a sudden decides to charge 10% outbound across all channels for
whatever reason, its peers will be affected because their capital will at
that point be misplaced for earning routing fees.

If you say 'shoot themselves in the foot', you seem to have a rational
routing node in mind looking to maximize fees? How does DoS'ing a
particular peer fit in that picture, why would they do this?

> > My thinking is that if I accept an incoming htlc, my local balance
> > increases on that incoming channel. My money gets locked up in a channel
> > that may or may not be interesting to me. Wouldn't it be fair to be
> > compensated for that?
>
> If that channel isn't interesting to you, then by all means you should fail
> that HTLC or close the channel? Or you shouldn't have accepted it in the
> first place?

Agreed, if it isn't interesting at all, you should close. I should have put
that more nuanced. Some channels will likely be more interesting than
others and inbound fees could help with keeping the less interesting ones
afloat. It's another option besides plainly closing the channel.

Suppose I have three peers A, B and C. I am routing traffic back and forth
between A and B at a low fee of 0.1%.

Then C comes along and opens a 1 BTC channel with me. They push out the
full balance towards B and pay 0.1% for that. After that, there is very
minimal activity and after a month I decide to close the channel. A big
opportunity cost for me because I could have placed that 1 BTC local
balance in a much better way. With an inbound fee, I could have earned more.

> I understand the will to optimize revenue here, but I fear this concrete
> proposal leads to many kinds of unhealthy incentives. I agree that there
> is a risk in accepting channels from unknown nodes

I'd say that the lack of inbound fees requires more trust from the acceptor
of the channel and leads to more centralization.

> , but I think it should be
> addressed differently: you could for example make the opener pay a fee when
> they open a channel to you to compensate that risk (some kind of reversed
> liquidity ads).

Yes, can see that work too. The advantage of an inbound fee though is that
the fee that you pay is proportional to the balance of the counter party.
So you only start paying when you actually move the balance and you don't
need to pay everything upfront (which requires some trust from the
initiator).

Joost
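
The trade-off argued in this message (B advertising a high inbound fee on the A-B channel versus B silently dropping forwards from A), sketched as an added example that is not part of the original email. The topology, the fee rates, and the simplified rule that a hop costs `out_ppm + in_ppm` of a fixed amount are assumptions made for illustration.

```python
import heapq

# Constructed topology. Each directed channel (u, v) carries two advertised
# rates in ppm: out_ppm is set by u for forwarding over it, in_ppm is set by
# v for accepting from it (the inbound fee under discussion, simplified).
def make_graph(b_inbound_ppm):
    return {
        ("S", "A"): (0, 0),
        ("A", "B"): (1000, b_inbound_ppm),
        ("B", "D"): (1000, 0),
        ("A", "C"): (1500, 0),
        ("C", "D"): (1500, 0),
    }

def cheapest_route(graph, src, dst, amt_sat, avoid=frozenset()):
    """Dijkstra on total advertised fee; skips channels listed in `avoid`."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for (u, v), (out_ppm, in_ppm) in graph.items():
            if u == node and (u, v) not in avoid:
                fee = amt_sat * (out_ppm + in_ppm) // 1_000_000
                heapq.heappush(heap, (cost + fee, v, path + [v]))
    return None

def pay(graph, src, dst, amt_sat, silently_dropped=frozenset()):
    """Retry until a route works; returns (failed_attempts, final_path)."""
    avoid, failures = set(), 0
    while True:
        found = cheapest_route(graph, src, dst, amt_sat, frozenset(avoid))
        if found is None:
            return failures, None
        _, path = found
        hops = list(zip(path, path[1:]))
        bad = next((h for h in hops if h in silently_dropped), None)
        if bad is None:
            return failures, path
        avoid.add(bad)  # unadvertised behaviour is learned only by failing
        failures += 1
```

With a 500,000 ppm inbound fee advertised by B, the sender routes via C on the first attempt; with no advertised fee and B dropping forwards from A, the sender first tries the cheaper route via B and records one failed attempt before falling back to C.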