This proposal includes no such provision.

Since we talked about it, I spent considerable time thinking about the supposed risk and proposed mitigations. I'm frankly not convinced that it is a risk of high enough credibility to worry about, or if it is that a protocol-level complication is worth doing.

The scenario as I understand it is a hub turns evil and tries to cheat every single one of its users out of their bonds. Normally a lightning user is protected form such behavior because they have time to broadcast their own transactions spending part or all of the balance as fees. Therefore because of the threat of mutually assured destruction, the optimal outcome is to be an honest participant.

But, the argument goes, the hub has many channels with many different people closing at the same time. So if the hub tries to cheat all of them at once by DoS'ing the network, it can do so and spend more in fees than any one participant stands to lose. My issue with this is that users don't act alone -- users can be assured that other users will react, and all of them together have enough coins to burn to make the attack unprofitable. The hub-cheats-many-users case really is the same as the hub-cheats-one-user case if the users act out their role in unison, which they don't have to coordinate to do.

Other than that, even if you are still concerned about that  scenario, I'm not sure timestop is the appropriate solution. A timestop is a protocol-level complication that is not trivial to implement, indeed I'm not even sure there is a way to implement it at all -- how do you differentiate in consensus code a DoS attack from regular old blocks filling up? And if you could, why add further complication to the consensus protocol?

A simpler solution to me seems to be outsourcing the response to an attack to a third party, or otherwise engineering ways for users to respond-by-default even if their wallet is offline, or otherwise assuring sufficient coordination in the event of a bad hub.