Replying to Avatar ZEUS

Just dropped a draft LUD on the LNURL repo for verification of hosted Lightning addresses. Feedback appreciated.

https://github.com/lnurl/luds/pull/204/files

Avatar
Decentony⚡ 2y ago

So the concern here is the node behind the ln address may be replaced deceptively?

Perhaps a better option is clients' checking ln address against a cache of node public address. And warn the user if there seems to be a change. Change might be an innocent technical necessity or a deceptive one the users may decide themselves.

Reply to this note

Please Login to reply.

Discussion

Avatar
ZEUS 2y ago

Where's that cache live? How's it maintained? How does one update it? And how do you determine if that is a 'deceptive' change or not?

Seems much more complicated imo

Avatar
Decentony⚡ 2y ago

It may live in senders client. Compromise is first transaction will not have a cached value. It will be there for the following ones.

Avatar
ZEUS 2y ago

Ah, I understand now. Yep that could be a help too. Something like that could work well in tandem with this.

Avatar
Decentony⚡ 2y ago

Yes, nostr client etc can hide the pubkey/hash part in your solution while zapping takes that into account as people will not manually type the ln address.

LGTM