I had each side using the other side's hash secret. That's a very
dumb idea, since it means you can steal from a unilateral close!
A's secret applies to A's commit transaction: it needs the
secret and B's final signature to steal funds, and that should
never happen (since A doesn't have the B's final signature, and
once A has given B the secret, they never broadcast the commit tx).
This makes the update a 4 step dance, since you need the new
revocation hash to make the other side's TX to sign.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
DER encoding introduces problems for non-canonical encodings; we should
do that only at the lightning<->bitcoin interface.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell