If a remote peer provides a public key in an identify message that doesn't match their peer ID, it's not specified how it should be handled.
Potentially the connection could be closed since this shouldn't happen unless the remote peer is misconfigured/malicious (discussion at libp2p/rust-libp2p#5713 / libp2p/rust-libp2p#5707 (comment))
We could add something to the spec (https://github.com/libp2p/specs/tree/master/identify#publickey) like:
If a remote peer provides a public key which doesn't match their peer ID, the receiving node SHOULD close the connection.
So existing implementations which don't do this would still match the v1.0.0 spec.
If a remote peer provides a public key in an
identifymessage that doesn't match their peer ID, it's not specified how it should be handled.Potentially the connection could be closed since this shouldn't happen unless the remote peer is misconfigured/malicious (discussion at libp2p/rust-libp2p#5713 / libp2p/rust-libp2p#5707 (comment))
We could add something to the spec (https://github.com/libp2p/specs/tree/master/identify#publickey) like:
So existing implementations which don't do this would still match the v1.0.0 spec.