And you could have multiple "watching" services that can prevent any one "watching" service from betraying you.
Obviously controlling your own "watching" system is most secure, but the vast majority of people aren't going to want to do it themselves.
And again, if the biggest worry is that someone will pay off multiple "watchers" then publish a previous version of a channel to steal money from you and hope that your proper node isn't online at any point during the locktime (or DoS your node to prevent you from seeing the bad transaction) to punish the thief and "steal" all the money back, I think we are doing a pretty good job!
Transactions in LN are just as "reliable", and don't introduce centralization in any meaningful way.
As for the "modeling", I'm not sure what you want. The threats have been outlined in the whitepaper, and successfully tested in some capacity on testnet. And now they are being tested as the Lightning Network is being rolled out on mainnet. There might be some formal "threat modeling", but I'm not familiar with what that would even look like or mean.
No better way to "threat model" than to try it out in a hostile environment where bad actors that have some kind of "exploit" can already use it to gain BTC.
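The condition described in the comment above (every watcher silent and the owner's node offline for the whole locktime), written out as a coverage check. This is an added example, not part of the thread or of any Lightning implementation; the `Watcher` class, the function names, the block heights and the 144-block locktime are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Watcher:
    name: str
    honest: bool   # False models a watcher that was paid off and stays silent
    online: set    # block heights at which this watcher is checking the chain

def breach_outcome(breach_height, locktime, watchers, node_online):
    """Who, if anyone, punishes an old channel state confirmed at breach_height.

    The penalty can be claimed at any height in
    [breach_height, breach_height + locktime). Returns (punished, by_whom, height).
    """
    for height in range(breach_height, breach_height + locktime):
        if height in node_online:
            return (True, "own node", height)
        for w in watchers:
            if w.honest and height in w.online:
                return (True, w.name, height)
    return (False, None, None)

def uncovered_heights(start, end, locktime, watchers, node_online):
    """Breach heights in [start, end) whose whole penalty window has no honest observer."""
    return [h for h in range(start, end)
            if not breach_outcome(h, locktime, watchers, node_online)[0]]

# Constructed sample data (assumptions, not measurements).
LOCKTIME = 144
WATCHERS = [
    Watcher("watcher-a", honest=False, online=set(range(0, 1000))),  # paid off
    Watcher("watcher-b", honest=True, online=set(range(0, 300))),    # goes dark at 300
    Watcher("watcher-c", honest=True, online=set(range(500, 1000))), # starts at 500
]
NODE_ONLINE = set(range(320, 331))  # owner's node is up only briefly

if __name__ == "__main__":
    gaps = uncovered_heights(0, 600, LOCKTIME, WATCHERS, NODE_ONLINE)
    print("unprotected breach heights:", (gaps[0], gaps[-1]) if gaps else None)
    print(breach_outcome(310, LOCKTIME, WATCHERS, NODE_ONLINE))
```

A single honest observer anywhere inside the window is enough, so the unprotected heights shrink quickly as watchers with independent uptime are added or the locktime is lengthened.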
> As for the "modeling", I'm not sure what you want. The threats have been outlined in the whitepaper, and successfully tested in some capacity on testnet.
> No better way to "threat model" than to try it out in a hostile environment
Don't take my not knowing what you mean as a confirmation that nobody in this space knows what you are talking about.
I know the technical side somewhat well, and apparently have a thing for explaining the basics in layman's terms. I have a feeling I don't know what you mean by "threat modeling", but that doesn't mean nobody does. And your choosing to make sly comments instead of explaining yourself doesn't fill me with confidence that you are being completely impartial here...
> Don't take my not knowing what you mean as a confirmation that nobody in this space knows what you are talking about.
I don't take that. I'd go out on a limb to say the majority of readers here are familiar with the concept of threat modeling. Since you don't want to look up the term, instead slighting me for using it: What is called a threat model is in reality a vulnerability model created by a formal process. In software development, there may not have been a single threat model created by security people that didn't expose vulnerabilities overlooked or not paid attention to by developers of the particular app in question. This is done from an attacker's perspective by people familiar with that perspective, instead of from a developer's perspective which usually doesn't notice vulnerabilities in their own design. This isn't a slight on the developers but that the attacker's mindset and the specialized knowledge of security people are not normally conjoint with general purpose devs.
> instead of explaining yourself doesn't fill me with confidence that you are being completely impartial here...
Impartial? That sounds silly to me, but I know there are tons of people who promulgate their cryptocurrencies and network addons without regard to reality. I'm not one of them. I no longer have any position in any coins, having sold my coins fully in the latest run-up, and am not a creator or anything of any of them.
By the way, you come across as pushing for Lightning partially, not impartially, since you have danced around the two points I made in my first post. You seem to be an apologist for the tech, not someone who wants to get the right tech implemented. I don't know why you accused me of being partial, when all I did was point out two issues with your statement and asked a question. In reality, you don't seem impartial and should disclose your stake in this tech.