Here's Pieter's Tweet that kicks of a Twitter thread where he announces this:
Imagine you can encrypt all of an application's P2P network connections, but only some are deliberately to specific peers, while others are just made randomly.
How private can you make an authentication protocol for this use case? Very!
reply
And here is his full Twitter thread, unrolled:
reply
And another Tweet (by Murch, who reviewed the protocol paper) with a clear reason why this is needed:
No, this is more about "how can you make sure that your mobile phone is talking to your own node at home without standing out like a sore thumb": by everyone running an encrypted connection that looks like it might have run an authentication protocol. :)
reply