Investigate: a peer may route a "bad" encrypted domain message to get routing nodes banned

Open sdbondi opened this issue 1 year ago • 0 comments

Summary

A peer may send an encrypted domain message. No routing peer can decipher it, so they are unable to detect that the message is invalid. If this message, once decrypted at the destination, results in a ban for the direct sender/routing node, these payloads could be used maliciously to e.g. cause the destination to ban all its peers.

Details

For example, a peer could send a NewBlock via encrypted messaging. Currently the messaging layer will decrypt this message and pass it on to the domain layer. If the direct sender (rather than the message originator) is given as the sender of the message, the domain layer will ban the sender instead of the originator.

Suggestion: reject all domain layer messages that should never be encrypted and are. If an encrypted domain message is detected (only detectable by the destination) the message originator should be banned, not the direct sender/routing peer.

Impact

Can allow malicious parties to cause network splits and other disruptions.

sdbondi, Sep 21 '23 06:09
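The suggestion above, sketched as an added Rust example (not code from the issue or from the Tari repository): the destination decides who is accountable for a message before the domain layer sees it. All type and function names are hypothetical. The sketch assumes that only `NewBlock` is on the never-encrypted list, that the origin can be authenticated after decryption, and that the direct sender remains accountable for cleartext messages.

```rust
// Added illustration: every name here is hypothetical, not Tari's API.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum MessageType { NewBlock, Chat }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PeerId(pub &'static str);

pub struct Inbound {
    pub msg_type: MessageType,
    pub was_encrypted: bool,
    pub direct_sender: PeerId,      // routing peer that relayed the message to us
    pub originator: Option<PeerId>, // origin authenticated after decryption, if any
}

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict {
    /// Hand to the domain layer; `accountable` is who it may ban on invalid content.
    Deliver { accountable: Option<PeerId> },
    /// Drop before the domain layer; `ban` is who gets penalised.
    Reject { ban: Option<PeerId> },
}

/// Assumed policy table: block propagation is never sent encrypted.
fn may_be_encrypted(t: MessageType) -> bool {
    !matches!(t, MessageType::NewBlock)
}

pub fn triage(m: &Inbound) -> Verdict {
    match (m.was_encrypted, may_be_encrypted(m.msg_type)) {
        // Routers could not read this payload, so the relay is never blamed.
        (true, false) => Verdict::Reject { ban: m.originator.clone() },
        (true, true) => Verdict::Deliver { accountable: m.originator.clone() },
        // Cleartext was inspectable by the relay, so it stays accountable (assumption).
        (false, _) => Verdict::Deliver { accountable: Some(m.direct_sender.clone()) },
    }
}

fn main() {
    // Constructed samples: encrypted messages relayed by an honest router.
    for t in [MessageType::NewBlock, MessageType::Chat] {
        let m = Inbound { msg_type: t, was_encrypted: true,
            direct_sender: PeerId("router-A"), originator: Some(PeerId("origin-X")) };
        println!("{:?} -> {:?}", t, triage(&m));
    }
}
```

When the origin of a rejected message cannot be authenticated, `ban` is `None`: the message is dropped and no peer is penalised.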