Waku 0: Include privacy, scalability and DDoS considerations

[oskarth]

Problem

Currently Whisper/Waku has many different capabilities and modes which impact various forms of security considerations. Right now it isn't clear what the impact is, which means the spec isn't clear about its guarantees and client users might be at risk against various threat models without being aware of it.

Acceptance criteria

Security considerations to capture in Waku spec under Security Considerations section:

Scalability / UX:

• BW usage theoretical model link
• Mailserver HA requirements or not (points to MVDS, but also not always [public chat wrong level but hint at it])
• Gossip scalability issue (points to e.g. pss routing)
• Lack of incentive centralization factor (points to e.g. accounting for resources

Privacy:

• Light node privacy
• Bloom filter privacy
• Mailserver privacy
• (waku v1) waku mode privacy
• General disclaimer on privacy not studied rigorously for Whisper; same signature (vs e.g. Sphinx/Mixnet)
• Topic hygiene (tradeoff bw)

Spam resistance:

• PoW low bad for heterogenerous devices
• Mailserver trusted direct TCP

Censorship resistance:

• Devp2p TCP port blockable (points to libp2p use)

Details

Some are captured in https://github.com/status-im/specs

Possible Solutions

Write it down in Waku specs.

Notes

[oskarth]

^ fyi @kdeme @adambabik @decanus @corpetty - anything missing?

[oskarth]

Done in PR