Hi Prayank
> 1.Is Lightning Network and a few other layer 2 projects vulnerable to
> multiple RBF policies being used?
Clearly the security of the Lightning Network and some other Layer 2 projects
are at least impacted or partly dependent on policy rules in a way that the
base blockchain/network isn't. As I (and others) have said on many occasions
ideally this wouldn't be the case but it is best we can do with current
designs. I (and others) take the view that this is not a reason to abandon
those designs in the absence of an alternative that offers a strictly superior
security model. Going back to a model where *all* activity is onchain (or even
in less trust minimized protocols than Lightning) doesn't seem like the right
approach to me.
> 2.With recent discussion to change things in default RBF policy used by Core,
> will we have multiple versions using different policies? Are users and
> especially miners incentivized to use different versions and policies? Do
> they have freedom to use different RBF policy?
Without making policy rules effective consensus rules users (including miners)
are free to run different policy rules. I think it is too early to say what the
final incentives will be to run the same or differing policies. Research into
Lightning security is still nascent and we have no idea whether alternative
Layer 2 projects will thrive and whether they will have the same or conflicting
security considerations to Lightning. I suspect as with defaults generally most
users will run whatever the defaults are as they won't care to change them (or
even be capable of changing them if they are very non-technical). But users who
have a stake in the security of Lightning (or other Layer 2 projects) will
clearly want to run whatever policy rules are beneficial to those protocols.
As you know the vast majority of the full nodes on the network currently run
Bitcoin Core. Whether that will change in future and whether this a good thing
or not is a whole other discussion. But the reality is that with such strong
dominance there is the option to set defaults that are widely used. I think if
certain defaults can bolster the security of Lightning (and possibly other
Layer 2 projects) at no cost to full node users with no interest in those
protocols we should discuss what those defaults should be.
> 3.Are the recent improvements suggested for RBF policy only focused on
> Lightning Network and its security which will anyway remain same or become
> worse with multiple RBF policies?
I think by nature of the Lightning Network being the most widely adopted Layer
2 project most of the focus has been on Lightning security. But contributors to
other Layer 2 projects are free to flag and discuss security considerations
that aren't Lightning specific.
> Note: Bitcoin Knots policy is fully configurable, even in the GUI - users can
> readily choose whatever policy *they* want.
The maintainer(s) and contributors to Bitcoin Knots are free to determine what
default policy rules they want to implement (and make it easier for users to
change those defaults) in the absence of those policy rules being made
effective consensus rules. I suspect there would be strong opposition to making
some policy rules effective consensus rules but we are now venturing again into
future speculation and none of us have a crystal ball. Certainly if you take
the view that these policy rules should never be made effective consensus rules
then the fact there is at least one implementation taking a contrasting
approach to Core is a good thing.
--
Michael Folkson
Email: michaelfolkson at [protonmail.com](http://protonmail.com/)
Keybase: michaelfolkson
PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
------- Original Message -------
On Sunday, February 13th, 2022 at 6:09 AM, Prayank via Lightning-dev
<lightning-...@lists.linuxfoundation.org> wrote:
> Hello World,
>
> There was a discussion about improving fee estimation in Bitcoin Core last
> year in which 'instagibbs' mentioned that we cannot consider mempool as an
> orderbook in which which everyone is bidding for block space because nodes
> can use different relay policies:
> https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-09-22#706294;
>
> Although I still don't consider fee rates used in last few blocks relevant
> for fee estimation, it is possible that we have nodes with different relay
> policies.
>
> Similarly if we have different RBF policies being used by nodes in future,
> how would this affect the security of lightning network implementations and
> other layer 2 projects?
>
> Based on the things shared by 'aj' in
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-February/019846.html
> it is possible for an attacker to use a different RBF policy with some
> nodes, 10% hash power and affect the security of different projects that rely
> on default RBF policy in latest Bitcoin Core.
>
> There was even a CVE in which RBF policy not being documented according to
> the implementation could affect the security of LN:
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
>
> 1.Is Lightning Network and a few other layer 2 projects vulnerable to
> multiple RBF policies being used?
>
> 2.With recent discussion to change things in default RBF policy used by Core,
> will we have multiple versions using different policies? Are users and
> especially miners incentivized to use different versions and policies? Do
> they have freedom to use different RBF policy?
>
> 3.Are the recent improvements suggested for RBF policy only focused on
> Lightning Network and its security which will anyway remain same or become
> worse with multiple RBF policies?
>
> Note: Bitcoin Knots policy is fully configurable, even in the GUI - users can
> readily choose whatever policy *they* want.
>
> --
> Prayank
>
> A3B1 E430 2298 178F
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
