BOLT 2: clarify comment about reversing uncommitted changes on reconnect, and timeouts.

Olaoluwa pointed out that peers can make work for us by starting to open connections then disconnecting: we need to allow timeouts, since it's the simplest solution. The comment about remembering `r` values (ie. `payment-preimage`) from update_fulfill_htlc was also vague: it was meant to simply note that it's not completely reversible, since the knowledge is (and probably should be!) used to fulfill an incoming HTLC. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-11-19 10:00:04 +01:00 · 2017-01-17 12:33:46 +10:30 · 2017-01-17 12:33:46 +10:30 · 9308eb145a
commit 9308eb145a
parent 614af24071
1 changed files with 5 additions and 3 deletions
--- a/02-peer-protocol.md
+++ b/02-peer-protocol.md
@ -863,12 +863,14 @@ any message), they are independent of requirements here.

 A node MUST handle continuing a previous channel on a new encrypted
 transport.  On disconnection, a node MAY forget nodes which have not
-sent or received an `accept_channel` message.
+sent or received an `accept_channel` message, and MAY forget nodes
+which have not sent `funding_locked` after a reasonable timeout.

 On disconnection, a node MUST reverse any uncommitted updates sent by
 the other side (ie. all messages beginning with `update_` for which no
-`commitment_signed` has been received).  A node SHOULD retain the `r`
-value from the `update_fulfill_htlc`, however.
+`commitment_signed` has been received).  Note that a node MAY have
+already use the `payment-preimage` value from the `update_fulfill_htlc`,
+so the effects of `update_fulfill_htlc` is not completely reversed.

 On reconnection, a node MUST retransmit old messages which may not
 have been received, and MUST NOT retransmit old messages which have