lightning-dev
Combined summary - Lightning Address in a Bolt 12 world
The recent programming discussions have been concentrated on enhancing the user experience and scalability of Lightning node operations and DNS record management, while also focusing on security and efficiency.
A key topic is the handling of DNS records for payment systems, debating whether clients should verify the expiration of offers against DNS record expirations and requesting new records proactively to avoid discrepancies. It's proposed that prohibiting duplicate DNS records could simplify systems and reduce latency from TCP fallbacks. The usage of subdomains for scaling was considered but raised concerns over complex addresses affecting user experience.
Discussions also explored the potential for users to establish blinded paths under a single domain to improve scalability and autonomy without advanced messaging systems. This approach favors manual setup for simplicity and emphasizes maintaining a straightforward user experience despite technical complexities. The importance of delv in local DNSSEC validation was highlighted, with references to its manual page on Ubuntu Manpages for the Jammy distribution, underscoring the need to utilize such tools to secure internet infrastructure.
In terms of payment system design, a structure was proposed allowing for a single DNS record to associate a domain with a lightning node, aiming for long-lived and compact offers. The necessity for consistent terminology and addressing trust-on-first-use issues were noted. Privacy concerns with DoH resolvers and limitations in standard OS libraries querying TXT records directly were acknowledged, suggesting reliance on DoH queries and personal DNSSEC validation.
Service providers are advised to adopt flexible DNS setups, integrating both manual TXT record addition and managing their own BIND servers, to promote user autonomy and reduce dependency on LSPs. However, companies' reluctance to manage DNS due to risks is recognized, advocating sender software support to alleviate these concerns. The efficiency, latency, and security implications of DNS-only versus webserver-based LNURL applications were debated, with a preference for a lightweight, scalable DNS-only approach.
Tony questioned the practicality of a single DNS entry supporting unlimited users and the transition from LNURL to LNDNS, emphasizing the need for scalable solutions that remain accessible to developers. Consensus leaned towards a dynamic method combining option 3 for specific user queries with a fallback to option 1. Discussions also stressed setting appropriate expiration times for paths/offers and DNS records to minimize latency and maintain accurate timings.
Additionally, the discussions addressed the integration of blinded paths and offers into DNS records to enhance scalability and security. Personal lightning nodes independent of domain operators were recommended, along with considerations for self-hosting versus using LSPs and the role of DNSSEC validation. Mobile use could be facilitated by QR codes. Bastien highlighted privacy implications of using DNS for payment data and suggested a simplified approach for service providers to handle zonefile entries. Clients should prioritize DoH requests and use option 3 first, reverting to option 1 as necessary.
The integration of bolt12 within the LNURL framework was considered to address DNS scalability challenges for service providers with large user bases. Oblivious HTTP was introduced as a solution to protect IP addresses and payment information. The improvement of the lightning address protocol was discussed, proposing private retrieval of node_id
via DNS records and anonymous queries by payment senders. Two mechanisms were suggested for implementation, with encouragement to try option 3 before option 1. The community aims to develop these ideas into a bLIP (Bitcoin Improvement Proposal), seeking a balance between user experience and privacy/security in the lightning address protocol.