Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

identify protocol could close connection if remote peer sends invalid public key #5713

Open
jameshiew opened this issue Dec 4, 2024 · 3 comments

Comments

@jameshiew
Copy link
Contributor

jameshiew commented Dec 4, 2024

Description

Remote peer shouldn't ever be providing a public key that doesn't match their peer ID, in this case could close the connection

I haven't tested but it looks like this is what js-libp2p does, for example (https://github.com/libp2p/js-libp2p/blob/d19974d93a1015acfca95c2155dbcffc5fd6a6c0/packages/protocol-identify/src/identify.ts#L106-L108)

Motivation

See discussion at * #5707 (comment)

Current Implementation

identify protocol connection to remote peer stays open

Are you planning to do it yourself in a pull request ?

Maybe

@drHuangMHT
Copy link
Contributor

The specs doesn't seem to have any information about what to do when there is a pubkey mismatch. An event of it can be emitted though.

@dariusc93
Copy link
Member

The specs doesn't seem to have any information about what to do when there is a pubkey mismatch. An event of it can be emitted though.

Thats a good point. Maybe we can add an event for some type of mismatch and let the node itself handle the disconnection (or whatever it wish to do with the peer in question) while we take the question to spec on what to do on a public key mismatch?

@jxs
Copy link
Member

jxs commented Dec 9, 2024

I'd suggest we bubble up this discussion with a PR to the specs, so that the decision is transversal to all the implementations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants