Sorry for a late reply. I have been slightly busy lately.
What's the relation between Bob's revocation key and Alice's revocation key? [...] Is there some sort of public-key cryptography involved in the ack_and_revoke?
This explanation should help you understand it.
Here you can find the formulas which are used to calculate revocation public and private keys
revoke_and_ack message looks like this:
type: 133 (revoke_and_ack)
data:
[channel_id:channel_id]
[32*byte:per_commitment_secret]
[point:next_per_commitment_point]
Your node must provide
per_commitment_secret associated with the
next_per_commitment_point which you sent previously in either
funding_locked or
revoke_and ack message.
Because I've probably confused its meaning. Isn't HTLC a hashed timelock contract? Doesn't that mean that it's an “agreement”? A condition where both exchange commitment transactions?
An HTLC is basically an additional output of a commitment transaction with a specific locking script. If an HTLC is below the dust limit then it is added to the transaction fee (only when the payment has not been settled yet). There is no real incentive for the other party to cheat in this particular case. If you are not comfortable with that, you can always refuse to route payments below the dust limit.
I am still not sure why you mentioned it. If Alice broadcast the first commitment transaction (the one which refunds her 10 BTC), Bob could simply publish a penalty transaction because Alice revealed the secret needed to derive the revocation key for her outdated commitment.
It wouldn't make sense for Bob to broadcast the second commitment transaction if Alice broadcast the first one because: A) It would be rejected by most nodes due to double-spend B) It would probably be more expensive
But, it wouldn't be (acknowledged and) revoked. How would Bob have gained access to the very first commitment transaction's revocation key? Don't they both publish penalties only if the transaction they're publishing is not the newest commitment transaction (that hasn't been revoked yet)?
You're right. I assumed that they managed to sign the second commitment transaction successfully. If we assume that they failed to sign it, there is no need to worry about that HTLC. If Alice refuses to revoke her previous commitment and sign Bob's new transaction, Bob should not reveal the payment preimage needed to claim that HTLC.