nats-server
Evaluate filtering subject interest propagation to leaf nodes with restricted users
I had a conversation with a person on Slack who tested out the behavior of an LN connection to NGS with a user having --deny-pubsub=">" and enabling trace logs to discover the [LS+] ... lines which show the subjects in the interest graph. Although a client can't obviously pub or sub to those, he posed the question/concern that it's an easy way to snoop on subjects even though the user shouldn't see any of them.
The question is whether interest prop should be filtered down to only the subset of permissions the LN connecting user has. I know there can be multiple connections across accounts, so the subset would need to be the union of those.
This may overlap with some of the interest prop optimization work that has been discussed recently?
That could be done, and you are right you can publish to them (although I do think we now see that on the LN side and deny but could be wrong). What I do know is that when the message reaches the LN side and it's denied the connection will be closed.
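The filtering proposed in this issue, sketched as an added example that is not nats-server code and not from either participant: interest subjects are withheld from the leaf node unless at least one connecting user's permissions cover them. `Perms`, `isSubset`, `visible` and `FilterInterest` are hypothetical names, and the conservative subset rule (a wildcard interest is sent only if it is fully covered) is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

type Perms struct{ Allow, Deny []string } // hypothetical stand-in for one leaf user's subscribe permissions

// isSubset reports whether everything subj can match (it may hold wildcards) is also matched by pattern.
func isSubset(subj, pattern string) bool {
	s, p := strings.Split(subj, "."), strings.Split(pattern, ".")
	for i, pt := range p {
		if pt == ">" {
			return i < len(s) // ">" needs at least one remaining token
		}
		if i >= len(s) || s[i] == ">" || (pt != "*" && pt != s[i]) {
			return false
		}
	}
	return len(s) == len(p)
}

// visible: an empty Allow list allows everything; a covering Deny always wins.
func (p Perms) visible(subj string) bool {
	ok := len(p.Allow) == 0
	for _, a := range p.Allow {
		ok = ok || isSubset(subj, a)
	}
	for _, d := range p.Deny {
		ok = ok && !isSubset(subj, d)
	}
	return ok
}

// FilterInterest keeps only subjects visible to at least one user (the union).
func FilterInterest(interest []string, users []Perms) []string {
	out := []string{}
	for _, subj := range interest {
		for _, u := range users {
			if u.visible(subj) {
				out = append(out, subj)
				break
			}
		}
	}
	return out
}

func main() { fmt.Println(FilterInterest([]string{"billing.*", "audit.>"}, []Perms{{Deny: []string{">"}}})) } // constructed input; prints []
```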