Good morning aj,

> The watchtower only needs to post the update tx -- as long as the latest
> update is posted, the only tx that can spend it is the correct settlement,
> so you can post that whenever you're back online, even if that's weeks
> or months later, and likewise for actually claiming your funds from the
> settlement tx's outputs.

This is mildly undesirable, as one of the failure modes is total loss / 
destruction of your Lightning node.

If the blob contains enough information to bring the update *and* the 
settlement *and* a transaction that spends your output of the settlement and 
sends it to a cold-storage address, then at least part of your funds (the ones 
that are not in HTLCs you could have claimed) can be placed back by the 
watchtower to some cold-storage address (that is controlled by different 
hardware from your Lightning node).

Though this is arguably an edge case and it may be a worthwhile tradeoff to
just have the watchtower handle up to the update transaction only, especially since
the `SIGHASH_NOINPUT` use we propose expects to have fees paid by another output,
not what is being used in the update transaction.
This reduces the scope of watchtowers, simplifying their implementation, 
increasing the chance we can deploy a watchtower network feasibly.

Lightning-dev mailing list
