BOLT#02: clarify coop close requirements#970
Conversation
02-peer-protocol.md
Outdated
| - MUST NOT send a `shutdown`. | ||
| - MUST NOT send an `update_add_htlc` after a `shutdown`. | ||
| - if no HTLCs remain in either commitment transaction: | ||
| - if neither side has a dangling commitment and neither commitment contains any HTLCs (including dust HTLCs): |
There was a problem hiding this comment.
I don't think "dangling" is super well-defined here, and I'm not convinced we want to make that change anyway.
There was a problem hiding this comment.
Allowing closing_signed while a dangling commitment exists can only happen in this transition:
---fail--> (last htlc getting cancelled)
---sig--->
<--rev----
<--sig----
The previous wording said "either" which means it wasn't accounting for the possibility of the 3rd. Also the wording in the receiver section of commit_sig says MUST reply with revoke_and_ack
There was a problem hiding this comment.
Hmm, I'd argue there is still "an HTLC in (one of the) counterparty commitment transactions" at that point - it just so happens there are two counterparty commitment transactions until you get the RAA. Still, in either case, this should use more concrete language IMO.
02-peer-protocol.md
Outdated
|
|
||
| As shutdown implies a desire to terminate, it implies that no new | ||
| HTLCs will be added or accepted. Once any HTLCs are cleared, the peer | ||
| HTLCs will be added or accepted. Once any HTLCs are cleared, there are no dangling commitments and all updates are included on both commitment transactions, the peer |
There was a problem hiding this comment.
Instead of using the word "dangling" can we specify what we mean clearly - something about commitments for which no revoke_and_ack has been sent?
Also, nit: please wrap lines at 80 chars, or so.
02-peer-protocol.md
Outdated
| ### Closing Negotiation: `closing_signed` | ||
|
|
||
| Once shutdown is complete and the channel is empty of HTLCs, the final | ||
| Once shutdown is complete, the channel is empty of HTLCs, there are no dangling commitments and all updates are included on both commitments, the final |
There was a problem hiding this comment.
| Once shutdown is complete, the channel is empty of HTLCs, there are no dangling commitments and all updates are included on both commitments, the final | |
| Once shutdown is complete, the channel is empty of HTLCs, there are no dangling | |
| commitments and all updates are included on both commitments, the final |
The same comment of Matt here, be more specific it is good here because we avoid inconsistency for future updates or ambiguity.
02-peer-protocol.md
Outdated
| may immediately begin closing negotiation, so we ban further updates | ||
| to the commitment transaction (in particular, `update_fee` would be | ||
| possible otherwise). | ||
| possible otherwise). However, while there are HTLCs on the commitment transaction, the initiator may find it desirable to increase the feerate as there may be pending HTLCs on the commitment which could timeout. |
There was a problem hiding this comment.
| possible otherwise). However, while there are HTLCs on the commitment transaction, the initiator may find it desirable to increase the feerate as there may be pending HTLCs on the commitment which could timeout. | |
| possible otherwise). However, while there are HTLCs on the commitment | |
| transaction, the initiator may find it desirable to increase | |
| the feerate as there may be pending HTLCs on the commitment which could timeout. |
|
The current wording of this PR allows: So B can continually send |
02-peer-protocol.md
Outdated
| - MUST NOT send a `shutdown` | ||
| - MAY send a `shutdown` before a `funding_locked`, i.e. before the funding transaction has reached `minimum_depth`. | ||
| - if there are updates pending on the receiving node's commitment transaction: | ||
| - if there are uncommitted updates pending on the receiving node's commitment transaction: |
There was a problem hiding this comment.
@vincenzopalazzo started looking at this in our code and I kinda realized....why do we have this requirement at all? Like, who really cares what's pending when a shutdown goes out? after shutdown goes out you shouldn't add anything new, and certainly sending a shutdown out while an update_add is pending is kinda dumb (the peer should reject at that point), but its not like it should break anything, only pre-closing_signed is a real concern here.
There was a problem hiding this comment.
I assume a part of the reason for this is so that the receiving end can enforce the "no new update_adds" requirement when receiving commitment_signed and not later? Does anyone do this (maybe c-lightning @rustyrussell ?)
There was a problem hiding this comment.
OK, this was good chatting, and I'm sorry if this came out of my head after the meeting, but I just drafted the lnprototest PR rustyrussell/lnprototest#37 after the meeting and I was able to make some consideration after writing the code.
So, my idea that I shared with @TheBlueMatt is why we care about what we don't receive, and we can be more precise in the fact of what we must not receive.
This will make the spec also less ambiguous, for instance, some things like that
| - if there are uncommitted updates pending on the receiving node's commitment transaction: | |
| - if `add_htlc` message is received from the received after shutdown, the sender must fail the htlc |
P.S: this make also the lnprototest integration test easy with a single assert MustNodeReceive('add_htlc') :)
There was a problem hiding this comment.
The only reason to have a "black list" is that during the time this black list can blow up?
|
Spec comment: need to define what a "dangling" commitment is explicitly (and also if we want to use that term or something else). We can add a section here if we like the wording: https://github.com/lightning/bolts/blob/master/00-introduction.md#glossary-and-terminology-guide |
|
I've changed the wording so "no dangling commitments" is now roughly "no commitments for which a revocation is owed" |
vincenzopalazzo
left a comment
There was a problem hiding this comment.
LGTM, just some format changes
| may immediately begin closing negotiation, so we ban further updates | ||
| to the commitment transaction (in particular, `update_fee` would be | ||
| possible otherwise). | ||
| HTLCs will be added or accepted. Once any HTLCs are cleared, there are no commitments |
There was a problem hiding this comment.
| HTLCs will be added or accepted. Once any HTLCs are cleared, there are no commitments | |
| HTLCs will be added or accepted. Once any HTLCs are cleared, there are no commitments |
02-peer-protocol.md
Outdated
| - if neither side has a commitment for which a revocation is owed and neither | ||
| commitment contains any HTLCs (including dust HTLCs): |
There was a problem hiding this comment.
| - if neither side has a commitment for which a revocation is owed and neither | |
| commitment contains any HTLCs (including dust HTLCs): | |
| - if neither side has a commitment for which a revocation is owed and neither | |
| commitment contains any HTLCs (including dust HTLCs): |
t-bast
left a comment
There was a problem hiding this comment.
Looks mostly good to me, this is more clear now and I think this is the behavior we want.
This commit ensures closing_signed can only begin if there are no dangling commitments. It also clarifies update_fee requirements if it is sent after shutdown.
|
This closes #964, correct? |
Closes #964