maxmoney21m on Nostr: #[1] I think you need a private relay proposal to go along with this one. We will ...
Vitor Pamplona (npub1gcx…nj5z) I think you need a private relay proposal to go along with this one. We will need private relays for other things as well (e.g. a company-internal Slack alternative), and unless I just missed it I don't think there's a NIP for that yet.
The socket handshake would need to be authenticated with a signature to prevent unauthorized access, probably with a pubkey whitelist on the relay side. (There's currently a NIP for doing authentication *after* the socket is open, but that's insufficient IMO.)
Clients / users also need a way to make it very difficult to accidentally share data with unintended relays. Maybe private relays should enforce that all requests be sent encrypted with the private relay's own pubkey or something. So if I'm logged in to a private account in my client, the client will connect only to a specific relay and encrypt everything just for that relay.
Introducing NIP-82: Medical Data over Nostr
It's a very early draft. A conversation starter for the private exchange of any medical information over Nostr with consent management and access revocation.
My goal here is to start with the simplest solution that can possibly work. Let me know if it doesn't.
https://github.com/nostr-protocol/nips/pull/357
Published at
2023-03-13 02:50:32Event JSON
{
"id": "6bc837f423a2eddb79f74a981fe99d2eb2388bc41c6b3f7282ebbc9a6011decd",
"pubkey": "df4cafee85f79769545851db202a8856f82dc917548093c760f3094896e987b2",
"created_at": 1678675832,
"kind": 1,
"tags": [
[
"e",
"6efd273caeac5cebc279f0068f851bfb119063336652a98bd1c16f3bf8fd4015"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c"
]
],
"content": "#[1] I think you need a private relay proposal to go along with this one. We will need private relays for other things as well (e.g. a company-internal Slack alternative), and unless I just missed it I don't think there's a NIP for that yet.\n\nThe socket handshake would need to be authenticated with a signature to prevent unauthorized access, probably with a pubkey whitelist on the relay side. (There's currently a NIP for doing authentication *after* the socket is open, but that's insufficient IMO.)\n\nClients / users also need a way to make it very difficult to accidentally share data with unintended relays. Maybe private relays should enforce that all requests be sent encrypted with the private relay's own pubkey or something. So if I'm logged in to a private account in my client, the client will connect only to a specific relay and encrypt everything just for that relay.\n\n#[0]",
"sig": "e3e0ce13d619b9334fa5a50d76c546ec47e00c5294c912098edeb0b677cc58a868fbaa3ef79942ed96c017fcff058fce3f9e797ea5d3fb46e8c2105486e2c267"
}
