Closed justinmoon closed 5 months ago
I wouldn't restrict who can register gateways, but rather:
I'm thinking the gateway meta filed should be a JSON list of hex encoded gateway ids. Would we need to add a meta field to LightningClientConfig
, similar to GlobalClientConfig
meta?
I worry a little bit that, in practice, adding a concept of vetted gateways essentially enables selection of the gateways by the federation.
Could we add smarter logic on the client-side for gateway selection? We've talked in the past about adding gateway selection policies but today everything is still manual.
I worry a little bit that, in practice, adding a concept of vetted gateways essentially enables selection of the gateways by the federation.
Yeah feels like vetting adds an element of censorship by the federation. Not sure if we should implement it anyways.
Regards to smarter selection logic, what parameters would a client consider when selecting a gateway, and how can we encode these in the gateway registration info? I'm imagining some kind of a reliability counter that updates with every failed send/receive payment
I'm imagining some kind of a reliability counter that updates with every failed send/receive payment
The hard part is not creating a system that can be easily gamed. If we just included the payment reliability, I could sabotage you're gateway by asking it to pay a bunch of invoices that don't correspond to any real lightning node.
The hard part is not creating a system that can be easily gamed. If we just included the payment reliability, I could sabotage you're gateway by asking it to pay a bunch of invoices that don't correspond to any real lightning node.
Right. My initial thought is to "discover" gateway reliability but do it per client (kind of like probing in the lightning network). That way, if you spam a gateway with a bunch of failed payments, you're only hurting your own gateway reliability metric, but not for other clients.
One issue with this though is that it takes time (and failures) to discover these things, so new users might have a poor experience while discovering which gateways are reliable.
I think having a vetted_gateways
concept isn't in conflict with more intelligent GW selection logic, but can rather be seen as a starting point: other gateways can still be tried once we implement more client side logic and if vetted gateways don't perform they will be ignored.
But till we get better client side logic this is an adequate solution imo.
Progress
@elsirion, What would be expected client behavior if it's config changed? I'm looking to add a generic consensus api for the guardians to vet a gateway and now I wonder what the implications are for modifying client config meta fields at runtime. ref
Currently the meta fields are static, eventually we want to make them dynamic, see #2791. Currently we hack around this limitation using meta_override_url
. Now I'm wondering if it should be integrated for this particular purpose :grimacing: Then we'd need a caching strategy.
Now I'm wondering if it should be integrated for this particular purpose 😬 Then we'd need a caching strategy.
I'm testing an integration of meta_override_url
as a source for whitelisted gateways, no client caching of meta
Works out pretty well. See #3533 What cache strategies do you have in mind, @elsirion
implemented cache on the same PR and we get to make the db migration once
Currently a poorly-run gateway can join a federation and cause a lot of payment failures because the client isn't smart about ignoring such a gateway. For this reason, we should have an optional mechanism to whitelist gateways enabling guardians to prevent such unknown gateways from registering.
Simplest way to do this is a
FM_GATEWAY_WHITELIST
parameter that you can set to a list ofgateway_id
s. But this might be something that should be under consensus and configurable via guardian dashboard in the future.