Understanding JS-libp2p PNET Example

I would like to start implementing pnet support for the libp2p project I’ve been working away at and upon reading over the example on GitHub(https://github.com/libp2p/js-libp2p/blob/master/examples/pnet/index.js) I just want clarification on one point.

During the dialProtocol and handle functions I don’t see where the connProtector value is passed as the generated swarmkey. When the nodes are created the swarmkey is passed as a property then, but as far as I can tell not afterwards. Does this mean that nodes supporting the connProtector in the config will only handle connections dialled by nodes sharing the same swarmkey?

If so, could an array of different acceptable swarm keys be passed or would a new node have to be instantiated with specific support for each swarmkey?

Does this mean that nodes supporting the connProtector in the config will only handle connections dialled by nodes sharing the same swarmkey?

Yes. The pnet protector is a simple Private Shared Key protector used to isolate your node on a single network. Its goal is pretty simple; only allow nodes with the same shared key to connect. In order to support multiple private networks, you’d need to create a new protector to pass libp2p. This has a much higher risk though, as there’s a large risk of data being exchanged across private networks by nodes.

A couple questions. Is security the primary concern here, or are you trying to create overlays of “groups”? If security is the concern and you only want explicitly allowed nodes to view the data, it would probably be better to encrypt the data before you send it. Your group could exchange a shared encryption key, which could be done at the application level.