Proposal for removing unsigned messages in go-libp2p-pubsub

This request will make the message transferring in pubsub more secure as it eliminates the impersonating/man in the middle problem when broadcasting unsigned messages. Also, by providing the signature in each and every message, an initial filtering by signature can be made safely.
See closed issue on pubsub git project #173 .

we might want to make an issue about this.

Thought of it, but decided to open a forum topic instead. Started the talk as I was unable to check if pubsub is used in other projects that rely on unsigned messages.

How many bytes are the signatures? I can imagine pubsub private networks where signature verification is not necessary. It may adds in turn significant overhead when messages are small. So I don’t see a problem with it being configurable as it is now…

1 Like