|
| 1 | +--- |
| 2 | +layout: pr |
| 3 | +date: 2023-08-04 |
| 4 | +title: "Wait to create a channel until after accepting." |
| 5 | +pr: 2428 |
| 6 | +authors: [waterson] |
| 7 | +components: ["channel", "ChannelManager"] |
| 8 | +host: dunxen |
| 9 | +status: upcoming |
| 10 | +commit: |
| 11 | +--- |
| 12 | + |
| 13 | + |
| 14 | +## Notes |
| 15 | + |
| 16 | +* LDK allows a user to manually accept inbound channels from other peers when the corresponding `UserConfig::manually_accept_inbound_channels` field is set to `true`. |
| 17 | + This results in an `Event::OpenChannelRequest` being triggered by a new inbound request for a channel via receiving an `OpenChannel` message. At this point, the |
| 18 | + user needs to manually call `ChannelManager::accept_inbound_channel` or similar before an `AcceptChannel` will be sent back to the peer. |
| 19 | +* This feature gives the user an opportunity to make a decision on accepting or rejecting the channel with their own logic. Importantly, it also allows a user |
| 20 | + to assign their own custom identity to the inbound channel using the `user_channel_id` field, but currently there's a bit of a problem with that... |
| 21 | +* Currently, LDK's `OpenChannel` message handler will _always_ attempt to construct an `InboundV1Channel` object before the `OpenChannelRequest` event is even triggered. |
| 22 | + Consequently, cryptographic material is immediately requested from signer objects using a randomly generated `user_channel_id` and not one the user selected. |
| 23 | +* This PR fixes this bug by deferring construction of an `InboundV1Channel` object until after the user actually manually accepts the channel and has the opportunity |
| 24 | + to provide a custom identity. |
| 25 | + |
| 26 | +## Questions |
| 27 | +1. Did you review the PR? [Concept ACK, approach ACK, tested ACK, or NACK](https://github.com/lightningdevkit/rust-lightning/blob/master/CONTRIBUTING.md#peer-review)?i |
| 28 | +2. What is an important use of a custom `user_channel_id` field when it comes to requesting cryptographic material? Hint: Take a look at [`SignerProvider::generate_channel_keys_id`](https://docs.rs/lightning/0.0.116/lightning/sign/trait.SignerProvider.html#tymethod.generate_channel_keys_id) |
| 29 | +3. What object is introduced to represent inbound channels awaiting a user to accept or reject it? Why would or wouldn't you consider this object a channel at this point? |
| 30 | +4. A new map, `inbound_channel_request_by_id` is introduced for `PeerState`. How do we treat and limit the entries of this map when it comes to denial-of-service mitigations? |
| 31 | +5. Why should we or why should we not still ignore any contributions that inbound 0conf channel requests make to the overall unfunded channel counts? |
| 32 | +6. Which fields/methods in `ChannelContext` are made obsolete by this PR? |
0 commit comments