Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

identify protocol should validate received public keys #5706

Open
jameshiew opened this issue Nov 30, 2024 · 0 comments
Open

identify protocol should validate received public keys #5706

jameshiew opened this issue Nov 30, 2024 · 0 comments

Comments

@jameshiew
Copy link

Description

A remote peer can provide any public key as part of the identify protocol. This could be validated to match the remote peer's ID. Go/JS libp2p do this sort of validation:

The received public_key is exposed via identify::Event::Received events. e.g. logged to console in the identify-example

rust-libp2p/examples/identify/src/main.rs

Lines 69 to 72 in 00588a5

// Prints out the info received via the identify event
SwarmEvent::Behaviour(identify::Event::Received { info, .. }) => {
println!("Received {info:?}")
}

Motivation

If downstream users depend on info.public_key (e.g. public_key.to_peer_id()), they may expect it to match the remote peer like in the Go/JS libp2p implementations.

Current Implementation

I couldn't find code in protocols/identify that validated remote peer public keys, testing it out it accepts any public key.

Are you planning to do it yourself in a pull request ?

Yes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jameshiew