Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

identify: specify how to handle invalid public keys #651

Open
jameshiew opened this issue Dec 11, 2024 · 1 comment
Open

identify: specify how to handle invalid public keys #651

jameshiew opened this issue Dec 11, 2024 · 1 comment

Comments

@jameshiew
Copy link

If a remote peer provides a public key in an identify message that doesn't match their peer ID, it's not specified how it should be handled.

Potentially the connection could be closed since this shouldn't happen unless the remote peer is misconfigured/malicious (discussion at libp2p/rust-libp2p#5713 / libp2p/rust-libp2p#5707 (comment))

We could add something to the spec (https://github.com/libp2p/specs/tree/master/identify#publickey) like:

If a remote peer provides a public key which doesn't match their peer ID, the receiving node SHOULD close the connection.

So existing implementations which don't do this would still match the v1.0.0 spec.
@MarcoPolo
Copy link
Contributor

That seems reasonable. We currently ignore this in go-libp2p

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
libp2p Specs
Status: Triage
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MarcoPolo @jameshiew