revault / practical-revault

Version 0 specifications for a Revault deployment
Creative Commons Attribution 4.0 International

Requiring a signature is not automagic authentication #24

Closed darosior closed 3 years ago

darosior commented 4 years ago

I spec'ed that the spend_opinion requires a signature from the watchtower... But did not specify the actual public key used by the recipient to verify it!

That's YA key exchange that needs to be done.

darosior commented 3 years ago

We could also trust the sync server for not malleating the opinions. Worst case there is a revault. EDIT: arguably worst case a "yes" is malleated to "no"

darosior commented 3 years ago

So the meeting settled on: "Let's get rid of the signature". Thinking more about it that's not reasonable, as there is the reason field that can be malleated as well and is displayed on the GUI. That's a pretty obvious threat...

darosior commented 3 years ago

Ok (after discussions with @JSwambo) so we'll have keys everywhere anyways!

darosior commented 3 years ago

We also need to make the pubkeys part of the message (using key recovery would be useless here)

darosior commented 3 years ago

Now that network.md is merged we can link to it :)

darosior commented 3 years ago

Actually the pubkeys used are different
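The threat discussed in this thread, as an added illustration that is not practical-revault's code: a watchtower's spend_opinion carries an explicit pubkey and an Ed25519 signature over the whole message (opinion and reason field included), and the recipient accepts it only if that pubkey was exchanged beforehand. Message field names, the Ed25519 choice and the registered-key list are assumptions for the example; recovering the key from the signature would make the check meaningless, which is why the pubkey must be matched against a known set.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// SpendOpinion is a constructed stand-in for the watchtower's spend_opinion
// message; the field names are assumptions, not the practical-revault wire format.
type SpendOpinion struct {
	Outpoint string `json:"outpoint"`
	Accept   bool   `json:"accept"`
	Reason   string `json:"reason"` // displayed on the GUI, so it must be covered too
}

// Signed carries the signer's pubkey inside the message rather than relying on
// key recovery; the recipient still has to check the pubkey against known keys.
type Signed struct {
	Opinion SpendOpinion
	Pubkey  ed25519.PublicKey
	Sig     []byte
}

// Sign serialises the opinion and signs the bytes with the watchtower key.
func Sign(op SpendOpinion, priv ed25519.PrivateKey) Signed {
	body, _ := json.Marshal(op)
	return Signed{op, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, body)}
}

// Verify accepts only if the embedded pubkey was exchanged out of band AND the
// signature covers the opinion as received (any malleation of accept/reason fails).
func Verify(s Signed, registered []ed25519.PublicKey) bool {
	known := false
	for _, k := range registered {
		if k.Equal(s.Pubkey) {
			known = true
		}
	}
	if !known {
		return false
	}
	body, _ := json.Marshal(s.Opinion)
	return ed25519.Verify(s.Pubkey, body, s.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed watchtower key
	s := Sign(SpendOpinion{"txid:0", true, "within policy"}, priv)
	tampered := s
	tampered.Opinion.Accept = false // sync server flips "yes" to "no"
	fmt.Println(Verify(s, []ed25519.PublicKey{pub}), Verify(tampered, []ed25519.PublicKey{pub}))
}
```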