From: Matt Corallo
Date: Thu, 25 Jul 2019 18:18:33 +0000 (-0400)
Subject: Do not require upfront_shutdown as the security gain is marginal
X-Git-Tag: v0.0.12~198^2
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=refs%2Fheads%2F2019-07-no-bogus-sec-required;p=rust-lightning
Do not require upfront_shutdown as the security gain is marginal
There is really no reason to want to never open a channel just because a counterparty doesn't support upfront_shutdown.
---
diff --git a/src/ln/msgs.rs b/src/ln/msgs.rs
index a61ec562..f6968c5d 100644
--- a/src/ln/msgs.rs
+++ b/src/ln/msgs.rs
@@ -63,13 +63,13 @@ impl LocalFeatures {
 #[cfg(not(feature = "fuzztarget"))]
 pub(crate) fn new() -> LocalFeatures {
 LocalFeatures {
- flags: vec![1 << 4],
+ flags: vec![1 << 5],
 }
 }
 #[cfg(feature = "fuzztarget")]
 pub fn new() -> LocalFeatures {
 LocalFeatures {
- flags: vec![1 << 4],
+ flags: vec![1 << 5],
 }
 }
@@ -96,7 +96,7 @@ impl LocalFeatures {
 }
 #[cfg(test)]
 pub(crate) fn unset_upfront_shutdown_script(&mut self) {
- self.flags[0] ^= 1 << 4;
+ self.flags[0] ^= 1 << 5;
 }
 pub(crate) fn requires_unknown_bits(&self) -> bool {
@@ -2018,9 +2018,9 @@ mod tests {
 target_value.append(&mut hex::decode("0000").unwrap());
 }
 if initial_routing_sync {
- target_value.append(&mut hex::decode("000118").unwrap());
+ target_value.append(&mut hex::decode("000128").unwrap());
 } else {
- target_value.append(&mut hex::decode("000110").unwrap());
+ target_value.append(&mut hex::decode("000120").unwrap());
 }
 assert_eq!(encoded_value, target_value);
 }
diff --git a/src/util/config.rs b/src/util/config.rs
index 5b805d45..0b61a569 100644
--- a/src/util/config.rs
+++ b/src/util/config.rs
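Review bot: The bare `1 << 5` in both cfg-gated `LocalFeatures::new()` constructors carries the whole security decision of this commit and has no comment saying so. Under the even/odd feature-bit convention, bit 4 advertised upfront_shutdown_script as required and bit 5 advertises it as optional, which a reader cannot recover from the literal. I would add `// option_upfront_shutdown_script, optional (odd) bit: peers without it are still accepted` above each `flags:` line. Better still, one named constant shared by the two constructors and by `unset_upfront_shutdown_script` in the next hunk would keep the three copies from drifting apart. The `impl LocalFeatures` block starts and ends outside the hunk.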
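Review bot: `unset_upfront_shutdown_script` flips the bit with `^=` instead of clearing it, so calling it twice, or on features where bit 5 is already clear, turns the option on; `self.flags[0] &= !(1 << 5);` would match the name. The helper also only touches the optional bit, so features that carry the required bit 4 (for instance ones decoded from a peer) would still report the option after the call, if the support check looks at both bits; that check is not visible here. Indexing `flags[0]` panics on an empty vector, which is tolerable in a `#[cfg(test)]` helper only if every caller starts from `new()`.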
@@ -152,13 +152,15 @@ pub struct ChannelConfig {
 ///
 /// This cannot be changed after the initial channel handshake.
 pub announced_channel: bool,
- /// Set to commit to an upfront shutdown_pubkey at channel opening. In case of mutual
- /// closing, the other peer will check that our closing transction output is encumbered
- /// by the provided script.
+ /// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty
+ /// supports it, they will then enforce the mutual-close output to us matches what we provided
+ /// at intialization, preventing us from closing to an alternate pubkey.
 ///
- /// We set it by default as this ensure greater security to the user funds.
+ /// This is set to true by default to provide a slight increase in security, though ultimately
+ /// any attacker who is able to take control of a channel can just as easily send the funds via
+ /// lightning payments, so we never require that our counterparties support this option.
 ///
- /// This cannot be changed after channel opening.
+ /// This cannot be changed after a channel has been initialized.
 pub commit_upfront_shutdown_pubkey: bool
 }
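Review bot: The new doc comment on `commit_upfront_shutdown_pubkey` misspells `intialization` (should be `initialization`), and `enforce the mutual-close output to us matches` reads better as `enforce that the mutual-close output to us matches`. The first paragraph also leaves the unsupported case implicit, and that case matters more now that support is optional. I would spell it out after that paragraph, e.g. `/// If the counterparty does not support this option, nothing enforces the committed script.`, so operators do not treat the setting as a guarantee. The comment also says `shutdown_pubkey` where the old text spoke of a script; using one term throughout would avoid confusion about what is actually committed.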