Open sukunrt opened 1 year ago
This sounds reasonable. We should definitely implement this for identify.
However, we'll also need an API for this for consumers of go-libp2p, e.g. Kademlia. Possible API:

```go
func GetSignedPeerRecord(remote ma.Multiaddr) record.Envelope
```
When sending addresses to a peer we should only send those addresses that are relevant to the peer and not all of our available addresses.

- Only send localhost addresses on connections where the remote address is a localhost address
- Only send private addresses on connections where the remote address is a private address
- Send public addresses to everyone
For this to be effective we'll have to send different signed peer records to different peers depending on the connection that we have.
This filtering is done on the receive side since https://github.com/libp2p/go-libp2p/pull/2300/files. We should also do this on the sending side and not share the node's private addresses with everyone.
It may be possible to get a more precise set of addresses for a peer with a private remote address by consulting the system routing table. I have not thought through the details of this scheme, but the majority of cases will have just one gateway and the above system is a good start.
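
The sender-side rule from the list above, as an added example that is not part of the original issue or go-libp2p's code. It assumes plain `netip.Addr` values instead of multiaddrs, groups link-local with private addresses, and uses hypothetical names (`scope`, `classify`, `addrsForRemote`).

```go
package main

import (
	"fmt"
	"net/netip"
)

type scope int // hypothetical reachability class; all names here are illustrative

const (
	scopeLoopback scope = iota // usable only on the same host
	scopePrivate               // RFC 1918 / ULA; link-local grouped here (assumption)
	scopePublic                // everything else
)

func classify(a netip.Addr) scope {
	a = a.Unmap() // treat ::ffff:10.0.0.1 like 10.0.0.1
	switch {
	case a.IsLoopback():
		return scopeLoopback
	case a.IsPrivate(), a.IsLinkLocalUnicast():
		return scopePrivate
	}
	return scopePublic
}

// addrsForRemote picks which of our addresses to advertise on a connection to
// remote: public always, loopback or private only if remote is in that class.
func addrsForRemote(remote netip.Addr, own []netip.Addr) []netip.Addr {
	rs := classify(remote)
	var out []netip.Addr
	for _, a := range own {
		if !a.IsValid() || a.IsUnspecified() {
			continue // 0.0.0.0 / :: are listen wildcards, never dialable
		}
		if s := classify(a); s == scopePublic || s == rs {
			out = append(out, a)
		}
	}
	return out
}

func main() {
	own := []netip.Addr{netip.MustParseAddr("127.0.0.1"), // constructed sample addresses
		netip.MustParseAddr("192.168.1.10"), netip.MustParseAddr("203.0.113.7")}
	for _, r := range []string{"::1", "10.0.0.5", "198.51.100.9"} {
		fmt.Println(r, "->", addrsForRemote(netip.MustParseAddr(r), own))
	}
}
```

Because the result depends on the remote address, a signed peer record built from it has to be produced per connection class rather than once per host.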