probe-lab / go-kademlia

Generic Go Kademlia implementation

Signed peer records for IPFS DHT #26

Open guillaumemichel opened 1 year ago

guillaumemichel commented 1 year ago

The IPFS DHT has the capability to use Signed peer records. We should definitely use them as they add security.

This should be implemented in the ipfsv1 message format; an optional signature field can be added in the protobuf Peer message: https://github.com/plprobelab/go-kademlia/blob/dc867cbd3316a89cabaa5be19900cdbf5d2f0805/network/message/ipfsv1/message.proto#L60-L69

An IPFS server should provide the signature associated with the closest peers (peer records) it returns, if any. IIUC the signatures are stored in the libp2p host peerstore, hence in addition to the ipfsv1 message module, the libp2p endpoint module also has to be updated.

We also need to make sure that the IPFS node shares its own signed peer record, otherwise the signed peer records cannot propagate. I am not sure if this is done in libp2p or if we should actively add a peer's signed record to DHT messages.
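
Added example, not part of the original issue or of the go-kademlia code base: a standard-library sketch of the check a client could run on each closer peer in a response, showing that a server relaying a third peer's record cannot alter it. The `SignedPeer` type, the use of the raw Ed25519 public key in place of a peer ID, and the domain and payload-type values (taken from the libp2p signed-envelope convention) are assumptions; the record bytes are constructed placeholders, not a real protobuf PeerRecord.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed from the libp2p signed-envelope convention, not stated in the issue.
var domain, payloadType = []byte("libp2p-peer-record"), []byte{0x03, 0x01}
var ErrUnsigned, ErrBadSig = errors.New("unsigned peer record"), errors.New("invalid peer record signature")
// SignedPeer: hypothetical stand-in for the ipfsv1 Peer message plus the optional signature.
type SignedPeer struct {
	PubKey    ed25519.PublicKey // stands in for the peer ID
	Record    []byte            // constructed placeholder for the serialized addresses
	Signature []byte            // empty when the server holds no signed record
}

// signingInput length-prefixes domain, type and record so the signature is bound to this context.
func signingInput(record []byte) (out []byte) {
	for _, f := range [][]byte{domain, payloadType, record} {
		out = append(binary.AppendUvarint(out, uint64(len(f))), f...)
	}
	return out
}

func Sign(priv ed25519.PrivateKey, record []byte) SignedPeer {
	return SignedPeer{priv.Public().(ed25519.PublicKey), record, ed25519.Sign(priv, signingInput(record))}
}

// Verify is run by the client on each closer peer in a DHT response.
func Verify(p SignedPeer) error {
	if len(p.Signature) == 0 {
		return ErrUnsigned
	}
	if len(p.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(p.PubKey, signingInput(p.Record), p.Signature) {
		return ErrBadSig
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	p := Sign(priv, []byte("/ip4/192.0.2.10/tcp/4001")) // constructed address
	fmt.Println("relayed intact:", Verify(p))
	p.Record = []byte("/ip4/198.51.100.66/tcp/4001") // rewritten by the relaying server
	fmt.Println("relayed tampered:", Verify(p))
}
```

`ErrUnsigned` is kept distinct from `ErrBadSig` so a caller can decide separately how to treat peers for which the server had no signed record.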
