Closed darosior closed 3 years ago
We could also trust the sync server for not malleating the opinions.. Worst case there is a revault. EDIT: arguably worse case a "yes" is malleated to "no"
So the meeting settled on: "Let's get rid of the signature". Thinking more about it that's not reasonable, as there is the reason
field that can be malleated as well and is displayed on the GUI. That's a pretty obvious threat...
Ok (after discussions with @JSwambo) so we'll have keys everwhere anyways!
We also need to make the pukeys part of the message (using key recovery would be useless here)
Now that network.md is merged we can link to it :)
Actually the pubkeys used are different
I spec'ed that the
spend_opinion
requires a signature from the watchtower.... But did not specify the actual public key used by the recipient to verify it !That's YA key exchange that needs to be done.