Re: [Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-11 Thread Rusty Russell
Runes today are often bound to the BOLT8 nodeid, giving both (otherwise you need to protect your rune from being read). I like this model *but* it requires two-way comms for setup (the HSM tells the node its id, the node gives the HSM the rune). Fortunately, it's trivial to support runes as an

Re: [Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-08 Thread Bastien TEINTURIER
Hey Christian, You're right, if we create runes inside the HSM then we end up with the same security model. It then boils down to whether we'd rather implement Bolt 8 or rune management inside an HSM! I'd prefer Bolt 8, as I think it has more universality (and is simpler), but it could be worth

Re: [Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-08 Thread Christian Decker
Very interesting proposal, though as Will points out we could implement the same using runes: have the rune be managed by the hardware wallet, and have the rune used to authenticate the RPC call commit to the call's payload. That way a potentially compromised client cannot authenticate arbitrary

Re: [Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-07 Thread Bastien TEINTURIER
Hi William,

> What is wrong with runes/macaroons for validating and authenticating
> commands?

Runes/macaroons don't provide any protection if the machine you are issuing the RPCs from is compromised. The attacker can change the parameters of your RPC call and your lightning node will still

Re: [Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-06 Thread William Casarin
On Wed, Sep 06, 2023 at 03:32:50AM +0200, Bastien TEINTURIER wrote:

> Hey Zman, I saw the announcement about the commando plugin, and it was actually one of the reasons I wanted to write up what I had in mind, because while commando also uses a lightning connection to send commands to a lightning

Re: [Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-05 Thread Bastien TEINTURIER
Hey Zman, I saw the announcement about the commando plugin, and it was actually one of the reasons I wanted to write up what I had in mind, because while commando also uses a lightning connection to send commands to a lightning node, it was missing what in my opinion is the most important part:

Re: [Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-05 Thread ZmnSCPxj via Lightning-dev
Good morning t-bast, CLN already has something similar in standard CLN distrib: https://docs.corelightning.org/docs/commando However it is tied specifically to the CLN command set. Nevertheless, it is largely the same idea, just CLN-specific. Regards, ZmnSCPxj

[Lightning-dev] Remotely control your lightning node from your favorite HSM

2023-09-05 Thread Bastien TEINTURIER
Good morning list, I have just opened a PR to the bLIPs repository [1] to document an idea that I started investigating a long time ago and had already discussed with a few people, but never found the time to write it up before. This is a very simple architecture to securely send administrative