PubSub is wide open, can we authenticate messages?

I’m trying pubsub, but I notice you pick a topic and send data… nothing is authenticated. Is there a way to sign messages with the node’s private key, so that other peers know it’s from me?

My goal is to speed up IPNS by having the peers push out their new IPNS reference through pubsub… but it needs the same sort of authentication… if it’s not baked in… I’ll need to handle the crypto out of band… and that can be annoying 🙂

Thanks a lot for the great project!

Newer versions of go-floodsub have support for arbitrary message validation but it’s not exposed over the CLI.

However, if you’re looking for IPNS over pubsub, we already have support for that. You can enable it by running the daemon with the --enable-namesys-pubsub flag. IPFS will check the IPNS signatures internally so you won’t have to do that.

Any update on authenticated pubsub in late 2020?

If you’re using go-libp2p-pubsub as a library, support for validators has matured (and is used in filecoin, ethereum 2, ipfs, etc.).

If you’re using go-ipfs on the command line, no. Unfortunately, there’s no good way to simply “inject” code from the command line, so implementing this is a bit tricky. The best path forward for now is probably to introduce some pluggable (e.g., with binary plugins), pre-defined validators that can be enabled on the command line with a --validator=xyz flag. But this isn’t a priority for the core IPFS team at the moment, so it’ll have to come from a community contribution.

If you’re interested, please file an issue in the go-ipfs repo describing the solution you propose to implement.
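Added example, not part of the original thread and not go-libp2p-pubsub's own API: the kind of check a per-topic message validator performs, using only Go's standard-library Ed25519. The `Envelope` format, the `Sign` and `Validator` names and the topic `names` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Envelope is a constructed wire format, not the libp2p pubsub message type.
type Envelope struct {
	Seq       uint64
	Data, Sig []byte
}

// signedBytes binds the topic (length-prefixed) and sequence number to the payload.
func signedBytes(topic string, seq uint64, data []byte) []byte {
	b := binary.BigEndian.AppendUint64(nil, uint64(len(topic)))
	b = binary.BigEndian.AppendUint64(append(b, topic...), seq)
	return append(b, data...)
}

// Sign is what the publisher runs before handing the envelope to pubsub.
func Sign(priv ed25519.PrivateKey, topic string, seq uint64, data []byte) Envelope {
	return Envelope{seq, data, ed25519.Sign(priv, signedBytes(topic, seq, data))}
}

type Validator struct {
	Topic   string
	Trusted ed25519.PublicKey // the one publisher key expected on this topic
	lastSeq uint64
}

// Validate is what each subscriber runs before acting on or relaying a message.
func (v *Validator) Validate(e Envelope) error {
	switch {
	case !ed25519.Verify(v.Trusted, signedBytes(v.Topic, e.Seq, e.Data), e.Sig):
		return fmt.Errorf("bad signature for topic %q", v.Topic)
	case e.Seq <= v.lastSeq:
		return fmt.Errorf("stale or replayed sequence number %d", e.Seq)
	}
	v.lastSeq = e.Seq
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	v := &Validator{Topic: "names", Trusted: pub}
	fmt.Println(v.Validate(Sign(priv, "names", 1, []byte("record-v1")))) // <nil>
}
```

The topic's length prefix matters: without it, bytes signed for one topic could be reinterpreted as a valid message on a topic whose name is a prefix of the first.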

OK, I see, thanks for the update.