[Security] Prevent id stealing in mqtt #85

Open
freehuntx opened this issue Jul 30, 2024 · 0 comments
freehuntx commented Jul 30, 2024

First of all, I know this is a huge request. But maybe it at least gives you ideas.

Issue

MQTT is a pretty simple pubsub protocol without any authentication. This allows people to "steal" other peers' ids by just using the same one.

Solution

  1. Generate a public/private key using any algorithm (e.g. RSA)
  2. Use any hashing code to extract a peerId based on the public key (e.g. SHA-256 it and cut the first/last x characters)
  3. Announce/Share your own public key with everybody
  4. Always sign offers/answers with the private key and share the hash
  5. Others validate the hash with the shared public key. If it's valid, the peer's offer/answer is accepted

Notes

I know this is a rather tough one to implement. But here is my idea (to add a benefit for every protocol).
If you implement this "generally" you could have some sort of permanent peerId aka account.
By storing the private key somewhere, others could recognize you, which allows adding features like "contacts/friends".
E.g.

import { selfId, writeKey, readKey } from 'trystero'

console.log(readKey()) // Prints a randomly generated private key (default initial behaviour)
writeKey(localStorage.getItem('my-key')) // Starts to use this new private key (selfId will change because the hash changes)
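
The five steps under "Solution", as an added example that is not part of the original issue and not Trystero code: an id derived from the public key, and a receiver that rejects a reused id or an altered offer. Assumptions: ECDSA P-256 through WebCrypto stands in for the RSA example, the id keeps 40 hex characters of the hash, and `createIdentity`, `signMessage` and `verifyMessage` are hypothetical names.

```javascript
const { subtle } = globalThis.crypto ?? require('node:crypto').webcrypto // fallback: Node < 19
const ALG = { name: 'ECDSA', namedCurve: 'P-256' } // assumption: any signature scheme works
const SIG = { name: 'ECDSA', hash: 'SHA-256' }
const ID_HEX_CHARS = 40 // assumption: keep 160 bits of the hash as the peerId
const hex = buf => [...new Uint8Array(buf)].map(b => b.toString(16).padStart(2, '0')).join('')
const unhex = s => Uint8Array.from(s.match(/../g) ?? [], h => parseInt(h, 16))
const utf8 = s => new TextEncoder().encode(s)

// Step 2: peerId = truncated SHA-256 of the raw public key
async function peerIdFor(rawPublicKey) {
  return hex(await subtle.digest('SHA-256', rawPublicKey)).slice(0, ID_HEX_CHARS)
}

// Step 1: generate the key pair; the private key is created non-extractable
async function createIdentity() {
  const { publicKey, privateKey } = await subtle.generateKey(ALG, false, ['sign', 'verify'])
  const raw = await subtle.exportKey('raw', publicKey)
  return { privateKey, publicKey: hex(raw), peerId: await peerIdFor(raw) }
}

// Steps 3 and 4: the envelope carries the public key and a signature over id + payload
async function signMessage({ peerId, publicKey, privateKey }, payload) {
  const signature = hex(await subtle.sign(SIG, privateKey, utf8(peerId + '\n' + payload)))
  return { peerId, publicKey, payload, signature }
}

// Step 5: accept only if the key hashes to the claimed id AND the signature verifies
async function verifyMessage({ peerId, publicKey, payload, signature }) {
  try {
    const raw = unhex(publicKey)
    if ((await peerIdFor(raw)) !== peerId) return false // id is not bound to this key
    const key = await subtle.importKey('raw', raw, ALG, false, ['verify'])
    return await subtle.verify(SIG, key, unhex(signature), utf8(peerId + '\n' + payload))
  } catch {
    return false // malformed key or signature
  }
}

// Constructed scenario: mallory claims alice's id with her own key; an offer is altered in transit
async function demo() {
  const alice = await createIdentity()
  const mallory = await createIdentity()
  const offer = await signMessage(alice, '{"type":"offer","sdp":"(constructed)"}')
  const stolen = await signMessage({ ...mallory, peerId: alice.peerId }, offer.payload)
  const altered = { ...offer, payload: offer.payload.replace('offer', 'answer') }
  const [genuine, stolenId, tampered] = await Promise.all([offer, stolen, altered].map(verifyMessage))
  return { genuine, stolenId, tampered }
}
demo().then(console.log)
```

A valid signature shows who produced an offer, not when or for whom: a captured offer can be re-sent unchanged, so the signed payload should also carry the intended recipient's id and a nonce or timestamp. The truncation length sets how hard it is to find a second key that hashes to the same id, so a short id weakens the binding.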

