Open TheBlueMatt opened 7 months ago
I agree:
but I also think that wrapping/unwrapping the innermost onion layer should be something that should be done on the signer:
Right, that makes sense. I guess we'd have to move to a separate call for ECDH on the phantom secret, so we could probably find a way to make that async, letting us have a sync/infallible ECDH for the non-phantom secret.
In #2653 (and elsewhere) we're moving towards signing methods being explicitly fallible as a way to process things asynchronously. That's great for channel operations we can easily retry later, but ECDH and especially fetching our node id are generally not super retryable operations. Instead, we should definitely make fetching our node id infallible, and maybe consider doing the same with ECDH. There's some concept of wanting to have the private key signing BOLT11 (and BOLT12) invoices be offline/async to ensure a compromised service doesn't sign an invoice which would let a user deposit to a third party, but given the overloading of the node secret key generally, I feel like that really should be accomplished with a phantom node id or BOLT12's use of separate key material for invoice/offer signing. Thoughts?