Talero Public Docs
Public node documentation for builders, wallets, explorers, and operators

P2P and security hardening

High-level public-safe hardening summary for Talero node networking and security posture.


Public-safe does not mean unrestricted. Public mode, privacy mode, safe mode, read-only mode, quotas, deployment profile, and gateway policy can still mask or deny behavior.

Public-Safe Hardening Summary

  • Per-peer outbound queues are bounded.
  • Slow readers can be disconnected or have traffic dropped according to policy.
  • Invalid listen configuration fails closed in strict and public profiles.
  • Signed hello and node identity binding are required in strict and public profiles.
  • Configured bootnodes are not permanently immune to severe repeated faults; quarantine is graduated.
  • GetHeaders and GetBlocks caps follow configuration.
  • Sync target selection requires fresh active peers, not only known peers.
  • Bootstrap diagnostics separate configured sources from live reachability.
  • Repeated header realignment mismatches cause backoff or quarantine.
  • Frame caps are strict in public and strict profiles.
  • PQ/hybrid policy is explicit and fails closed when required.
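The graduated quarantine described in the list (repeated faults escalate, and bootnodes get more tolerance but no permanent immunity) can be sketched as follows. This is an added example, not Talero code: the class and field names, fault weights, thresholds, and step durations are all assumptions, since the page publishes none of them.

```python
from dataclasses import dataclass

# Constructed values; the page does not publish real thresholds or durations.
BACKOFF_STEPS = [30, 300, 3600]  # seconds: short backoff first, then longer quarantine
MINOR, SEVERE = 1, 5             # assumed fault weights (e.g. header mismatch vs. severe fault)
THRESHOLD = 5                    # fault score that triggers the next step for ordinary peers
BOOTNODE_THRESHOLD = 15          # bootnodes tolerate more faults but are not immune


@dataclass
class PeerRecord:
    is_bootnode: bool = False
    score: int = 0               # fault score accumulated since the last escalation
    level: int = 0               # index of the next step in BACKOFF_STEPS
    blocked_until: float = 0.0   # time before which the peer must not be used


class FaultTracker:
    """Hypothetical per-peer fault tracker with graduated quarantine."""

    def __init__(self):
        self.peers = {}

    def add_peer(self, peer, is_bootnode=False):
        self.peers[peer] = PeerRecord(is_bootnode=is_bootnode)

    def report(self, peer, weight, now):
        """Record one fault; return the quarantine seconds imposed (0 if none)."""
        rec = self.peers[peer]
        rec.score += weight
        limit = BOOTNODE_THRESHOLD if rec.is_bootnode else THRESHOLD
        if rec.score < limit:
            return 0
        # Escalate one step per threshold crossing; stay at the longest step after that.
        duration = BACKOFF_STEPS[min(rec.level, len(BACKOFF_STEPS) - 1)]
        rec.level += 1
        rec.score = 0
        rec.blocked_until = now + duration
        return duration

    def usable(self, peer, now):
        """True once any backoff or quarantine for this peer has expired."""
        return now >= self.peers[peer].blocked_until
```

Because the escalation level is never reset here, a peer that keeps misbehaving after each release moves to the next, longer step; whether and when a real node decays that level is a policy choice outside this sketch.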

Public Documentation Boundary

Public P2P/security docs should not expose private peer IDs, raw IPs, operator topology, secret environment values, ACL details, signer routing, or live service commands.