Good morning Rusty,
> No, Bob can include the scid he used in the update_add_htlc message, so
> Alice can check.
>
> I'm extremely nervous about custodial lightning services restricting
> what they will pay to. This is not theoretical: they will come under
> immense KYC pressure in the near futur
Good morning niftynei,
> Rusty had some suggestions about how to improve the protocol messages for
> this, namely adding a serial_id to the inputs and outputs, which can then be
> reused for deletions.
>
> The serial id can then also be used as the ordering heuristic for transaction
> inputs
>
> But Mallory can do the same attack, I think. Just include the P_I from
> the wrong invoice for Bob.
>
Good catch, that's true, thanks for keeping me honest there! In that case
my proposal would need the same mitigation as yours, Bob will need to
include the `scid` he received in `update_add_h