achingbrain
commented
1 year ago The PeerInfo structure emitted by PeerDiscovery includes a 'protocols' field.
This was a mistake and will be removed in a future version of libp2p. A PeerInfo should just be a PeerID + Multaddrs.
If we supply protocols it creates an attack vector whereby we can send bogus or incorrect protocols on behalf of other peers.
They should be exchanged via Identify after connection, though granted this involves more round trips.
Another option might be extending signed peer records to include protocols - the data here is guaranteed to have originated from the signing peer, but there's no attempt to ensure the protocol list is not stale.
The PeerInfo structure emitted by PeerDiscovery includes a 'protocols' field. However, the _broadcast method doesn't send this data and the _onMessage method uses a static empty array. This seems like a missed opportunity to learn a discovered Peer's supported protocols in less round trips.
I've simply updated the PeerInfo structure used by PubSub Peer Discovery to comply to the latest PeerInfo interface and gathered the protocols from the Registrar component. If there is a better place the protocols could be gathered from, that would be easy to change.