Proposal: fully switch to signed peer records, deprecate un-signed address announcements

[marten-seemann]

We've already supported signed peer records in Identify for the longest time. Signed peer records are superior, because we know they originate from the right peer (which, with AutoNAT v2, should have a pretty good grasp on its addresses).

We should fully switch to using them everywhere. This includes:

1. Preferring addresses from signed peer records when dialing new connections, going as far as to ignore all non-signed addresses if we have at least one signed one.
2. Using them for peer records in Kademlia.
3. Using them in mDNS.
4. Finding other places where address records are added to the peerstore and dialed.

[thomaseizinger]

At the moment, they are actually undocumented in the specs. See #347.

We should fix the specs first before we make them mandatory for other implementations.

(I do support this proposal in general.)

[BigLep]

because we know they originate from the right peer

I understand that this is what signed peer records give us. When we can be certain they originate from the right peer, what simplifications or attack mitigations does that provide us in the code? Apologies if this is obvious. I'm not against the work, but trying to understand what enables or protects against.

[sukunrt]

One benefit for the DHT here is that they also improve adoption for new transports. Currently DHT nodes filter out addresses they don't understand. By using signed peer records the requesting node gets all the addresses.