identify protocol should validate received public keys

[jameshiew]

Description

A remote peer can provide any public key as part of the identify protocol. This could be validated to match the remote peer's ID. Go/JS libp2p do this sort of validation:

• go-libp2p (https://github.com/libp2p/go-libp2p/blob/288868c0d90e2d72a124da26caa14c77d35dbbdd/p2p/protocol/identify/id.go#L920-L935)
• js-libp2p (https://github.com/libp2p/js-libp2p/blob/98f3c773dce0deea7abf15c77fad5d2bb83b507e/packages/protocol-identify/src/utils.ts#L76-L82)

The received public_key is exposed via identify::Event::Received events. e.g. logged to console in the identify-example

rust-libp2p/examples/identify/src/main.rs

Lines 69 to 72 in 00588a5

	// Prints out the info received via the identify event
	SwarmEvent::Behaviour(identify::Event::Received { info, .. }) => {
	println!("Received {info:?}")
	}

Motivation

If downstream users depend on info.public_key (e.g. public_key.to_peer_id()), they may expect it to match the remote peer like in the Go/JS libp2p implementations.

Current Implementation

I couldn't find code in protocols/identify that validated remote peer public keys, testing it out it accepts any public key.

Are you planning to do it yourself in a pull request ?

Yes

[dariusc93]

resolved in #5707