[Klathmon]

#1 isn't strictly true, you don't need to be "always online", only online at some point within the locktime (normally 3 days right now).

You can also hand your "revocable delivery" transactions to a 3rd party (or multiple 3rd parties) who can monitor and broadcast them in the case of cheating, but can't actually spend any of your money themselves.

So you could have a group of people watching the blockchain always online that can punish non-compliance, but you yourself are only online when you want to transact.

[lalaland1125]

Of course, someone could pay off that third party to stop watching your channel.

[Klathmon]

And you could have multiple "watching" services that can prevent any one "watching" service from betraying you.

Obviously controlling your own "watching" system is most secure, but the vast majority of people aren't going to want to do it themselves.

And again, if the biggest worry is that someone will pay off multiple "watchers" then publish a previous version of a channel to steal money from you and hope that your proper node isn't online at any point during the locktime (or DoS your node to prevent you from seeing the bad transaction) to punish the thief and "steal" all the money back. I think we are doing a pretty good job!

[IncRnd]

According to you own words, the answer to poor transaction times is to make transactions less reliable and to introduce centralization.

I have to ask the million dollar question. Has this been threat modeled?

[Klathmon]

I don't know where you got all that from!

Transactions in LN are just as "reliable", and don't introduce centralization in any meaningful way.

As for the "modeling", I'm not sure what you want. The threats have been outlined in the whitepaper, and successfully tested in some capacity on testnet. And now they are being tested as lightning network is being rolled out on mainnet. There might be some formal "threat modeling", but i'm not familiar with what that would even look like or mean.

No better way to "threat model" than to try it out in a hostile environment where bad actors that have some kind of "exploit" can already use it to gain BTC.

[IncRnd]

> As for the "modeling", I'm not sure what you want. The threats have been outlined in the whitepaper, and successfully tested in some capacity on testnet.

> No better way to "threat model" than to try it out in a hostile environment

You just answered my question, sorry to say.

[Klathmon]

Don't take my not knowing what you mean as a confirmation that nobody in this space knows what you are talking about.

I know the technical side somewhat well, and apparently have a thing for explaining the basics in layman's terms. I have a feeling I don't know what you mean by "threat modeling", but that doesn't mean nobody does. And your choosing to make sly comments instead of explaining yourself doesn't fill me with confidence that you are being completely impartial here...