lightning / bolts

BOLT: Basis of Lightning Technology (Lightning Network Specifications)

Node signing. #444

Closed shocknet-justin closed 4 years ago

shocknet-justin commented 6 years ago

LND has message signature and validation; this would be useful if consistent across all implementations for node-identity functions.

rustyrussell commented 6 years ago

Agreed, but @Roasbeef feels it's a bit too early to standardize. Let's let it simmer for a bit: I've flagged it for 1.1.

wbobeirne commented 5 years ago

I'm definitely interested in general-purpose message signing for use in WebLN. Currently most sites that have paid content either bind purchases to an account on the site, or save something in a cookie / local storage which can be lost.

It'd be great if, on any site you paid for something, you could provide proof of ownership over the node that made the transaction and be given access to what you'd paid for that way. It's also nice for content-driven websites to allow you to sign content to prove that it's you who posted it.

The Ethereum community has adopted EIP-712 as a standard for signing arbitrary data; it'd be nice to see something similar for Lightning.

grantwest commented 4 years ago

@wbobeirne The downside of using the node key in that way is it significantly reduces privacy. Someone receiving a payment does not need to know who the payment came from, but if you tell them voluntarily then you lose the privacy that LN has afforded you. Having a static payment identity across the entire web will allow systems to track all of your payments.

There are better ways to do proof of payment or proof of right to access.

fiatjaf commented 4 years ago

Here's one alternative protocol for signing with keys from your wallet (one that can actually work with mobile wallets and doesn't depend on you having a public Lightning node as the current lnd implementation): https://github.com/btcontract/lnurl-rfc/blob/master/spec.md#2-lnurl-auth

The generated keys are derived from your seed, but different for each service so there's no compromise on privacy.

ysangkok commented 4 years ago

Seems like LND, Eclair and C-Lightning are all compatible according to this PR description: https://github.com/ACINQ/eclair/pull/1499

t-bast commented 4 years ago

Indeed, thanks @ysangkok for digging this one up. Closing the issue as it's become a somewhat standard implementation feature (but doesn't need to be spec-ed imho).