What do you use PNET (private networks) for?

[Stebalien]

PNET (libp2p private networks) is an old but poorly supported (TCP only) libp2p feature that encrypts (salsa20) each stream with a shared secret. I'm interested in hearing what people use it for because I have a feeling there are better designs for most use-cases.

[cpeliciari]

When I first started studying libp2p, we had a need to control groups of internal devices. However, as I progressed, I began to understand that there are other ways to securely use the public network. I believe that when we look at the pnet libp2p specs, they offer a guarantee that only the nodes that are part of the network will communicate and recognize each other. However, as I started participating more in the forums and diving deeper into go-libp2p over the past month, I began to understand some aspects more deeply. Currently, I am still using pnet, but I can already envision the project without it. Essentially, I’m using it to perform video streaming.

[Darin755]

Honestly I don't really see the point of pnets. It seems like it would be better to compare incoming connections with a list of authorized peers. For gossip you could encrypt the outgoing messages so that only authorized peers can decrypt it. Allowing app developers to set ACL like controls for communications would be better.

From a security perspective it also isn't great as it might create a false sense of security. If the shared key is ever leaked all of the "security" provided by pnet goes out the window. Better to lean into the zero trust concept which would mean that you expect other peers to behave in the worst possible manor. The major benefit of a p2p design is that there is little to no failure points.

[Stebalien]

The original goal was a quick and dirty way to create private networks that leaked nothing (except timing, packet sizes, etc.). I.e., if you connected to a pnet node, you'd just get garbage. If you sniffed the wire, you'd get garbage. As long as the symmetric encryption algorithm wasn't broken, any issues with the underlying security transport wouldn't be exploitable by anyone outside the group with the secret key. In practice, you'd still be able to fingerprint these nodes by looking at timing and message sizes.

However, I completely agree that this approach is wrong for any actual user which is why I posted this poll.

[Darin755]

I think a better standard is needed. I personally wouldn't have any issue with this spec being deprecated.