Hi all, In https://github.com/lightningnetwork/lightning-rfc/pull/516, the incorrect_or_unknown_payment_details failure message is extended with an htlc_msat field and thereby replaces the former incorrect_payment_amount message. The objective of this change is to prevent a probing attack that allows an intermediate node to find out the final destination of the payment.
Shouldn't the same change be applied to the cltv expiry? Currently in lnd, we return a final_expiry_too_soon message if the htlc expiry is not meeting the invoice cltv delta requirement. This can be used for probing by using low expiry values, similar to how this was previously possible with low amounts. The proposed change would be: when the htlc expiry doesn't meet the invoice cltv delta requirement, return an incorrect_or_unknown_payment_details failure (extended with a new htlc_expiry field) instead of final_expiry_too_soon. Joost.
_______________________________________________ Lightning-dev mailing list Lightningfirstname.lastname@example.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev