diff --git a/02-peer-protocol.md b/02-peer-protocol.md
index 868fe9ea7..b563b5a23 100644
--- a/02-peer-protocol.md
+++ b/02-peer-protocol.md
@@ -106,8 +106,9 @@ immediately included in a block.
The sender SHOULD set `dust-limit-satoshis` to sufficient value to
allow commitment transactions to propagate through the bitcoin
-network. It MUST set `max-num-htlcs` to less than or equal to 300
-[FIXME:LAOLU recalc?]. It SHOULD set `htlc-minimum-msat` to the minimum
+network. It MUST set `max-num-htlcs` to less than or equal to 600
+[BOLT #5](05-onchain.md#penalty-transaction-weight-calculation).
+It SHOULD set `htlc-minimum-msat` to the minimum
amount HTLC it is willing to accept from this peer.
@@ -116,7 +117,7 @@ unreasonably large. The receiver MAY fail the channel if
`funding-satoshis` is too small, and MUST fail the channel if
`push-msat` is greater than `funding-amount` * 1000.
The receiving node MAY fail the channel if it considers
-`htlc-minimum-msat` too large, `max-htlc-value-in-flight` too small, `channel-reserve-satoshis` too large, or `max-num-htlcs` too small. It MUST fail the channel if `max-num-htlcs` is greater than 300 [FIXME:LAOLU recalc?]
+`htlc-minimum-msat` too large, `max-htlc-value-in-flight` too small, `channel-reserve-satoshis` too large, or `max-num-htlcs` too small. It MUST fail the channel if `max-num-htlcs` is greater than 600.
The receiver MUST fail the channel if
diff --git a/05-onchain.md b/05-onchain.md
index 30d5c00e6..374a8f2f8 100644
--- a/05-onchain.md
+++ b/05-onchain.md
@@ -316,6 +316,32 @@ broadcasts HTLC-timeout and HTLC-success transactions, but the
requirement that we persist until all outputs are irrevocably resolved
should cover this. [FIXME: May have to divide and conquer here, since they may be able to delay us long enough to avoid successful penalty spend? ]
+## Penalty Transaction Weight Calculation
+
+As described in [BOLT #3](03-transactions.md), the witness script for
+a penalty transaction is:
+
+ 1 { OP_IF OP_ELSE to-self-delay OP_CSV OP_DROP OP_ENDIF OP_CHECKSIG }
+
+Which takes 1 byte to indicate the number of stack elements, plus one
+byte for the size of each element (+3), 73 bytes worst-case for
+`` (+73), one byte for the `1` (+1), nine bytes for the script
+instructions (+9), 33 bytes for each of the keys (+66), and two bytes
+for `to-self-delay` (+2).
+
+This gives 1+3+73+1+9+66+2=155 bytes of witness data, weight 155.
+
+The penalty txinput itself takes 41 bytes, thus has a weight of 164,
+meaning each input adds 319 weight.
+
+The rest of the penalty transaction takes 4+3+1+8+1+34+4=55 bytes
+assuming it has a pay-to-witness-script-hash (the largest standard
+output script), thus a base weight of 220.
+
+With a maximum standard weight of 400000, this means a standard
+penalty transaction can have up to 1253 inputs. Thus we could allow
+626 HTLCs in each direction (with one output to-self) and still
+resolve it with a single penalty transaction.
# General Requirements