In fact you already have to trust relays for a bunch of stuff.
But not even validating what you can seems a very bad idea.
If validating sigs is too hard for phones — then the protocol doesn’t work for what’s supposed to do — or at least phones aren’t ready to support it yet.
I don’t think it would be that easy to find out for end users. Esp. if most people are using Damus.
It should at very least check a random sample of sigs and have UI for verifying individual notes.
Are sigs really expensive to check, even with Schnorr batch validation?
Quite frankly I wouldn’t have shipped the app without validating sigs. Kinda embarrassing.
lucash.dev
npub1st…w67hq
2023-02-14 23:52:39
in reply to nevent1q…ujjx
Author Public Key
npub1sttsl959a2lvyufqrwkdrlqeg85ks65m72mgdsup5kmx9asqq2csaw67hqPublished at
2023-02-14 23:52:39Event JSON
{
"id": "c05171aa58ed1dc5d087ac1e05e6002839e949283b72fa2db67891d4132c2b13",
"pubkey": "82d70f9685eabec271201bacd1fc1941e9686a9bf2b686c381a5b662f60002b1",
"created_at": 1676418759,
"kind": 1,
"tags": [
[
"e",
"909f741bf7ff4463466093f42c9a805672308d63442092baf211bc182b89355b"
],
[
"e",
"9bad60869763e3a0a93cd0fbe1dbe9d3f01f5db57311aad15efc57587abee0d2"
],
[
"p",
"15e727b91083770e2ac6136f1caa3ec6e5a8206de515cbc41509017f3d21acd6"
],
[
"p",
"7cc328a08ddb2afdf9f9be77beff4c83489ff979721827d628a542f32a247c0e"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
],
[
"p",
"7cc328a08ddb2afdf9f9be77beff4c83489ff979721827d628a542f32a247c0e"
]
],
"content": "In fact you already have to trust relays for a bunch of stuff.\n\nBut not even validating what you can seems a very bad idea.\nIf validating sigs is too hard for phones — then the protocol doesn’t work for what’s supposed to do — or at least phones aren’t ready to support it yet.\n\nI don’t think it would be that easy to find out for end users. Esp. if most people are using Damus.\n\nIt should at very least check a random sample of sigs and have UI for verifying individual notes.\n\nAre sigs really expensive to check, even with Schnorr batch validation?\n\nQuite frankly I wouldn’t have shipped the app without validating sigs. Kinda embarrassing.",
"sig": "66e62e3390da2d9884c5d01f44cd88e75a514ecdddfd4cc922271fe3aeea41b57c9017c95e1c7d18987b785721ba39e3518d5bf658a3aa31a9cfae69ee063419"
}