patrick on Nostr: Then the user shouldn’t specify an auth-required relay in their list ? 🤷 Perhaps ...
Then the user shouldn’t specify an auth-required relay in their list ? 🤷
Perhaps the auth request allow-listing should be per relay not just site.
I also don’t think a client should connect to arbitrary relays not already approved. The minimum intersection of my explicit relays and those I follow should be all I’d normally expect client connections to. If clients just keep expanding the relay list dynamically as part of the social graph I don’t see how everybody doesn’t end up hitting malicious relays with no control over it.
Published at
2023-10-11 00:39:57Event JSON
{
"id": "2d287df91bd2427b7fdbbb1f3ef9d745a3255454dc1b264831c85d80212c8225",
"pubkey": "750b76292bb56a0058090a23c8556e98575c5b23d2d8b5697643364647369186",
"created_at": 1696984797,
"kind": 1,
"tags": [
[
"e",
"2c640d5af2046ce69686fe57e43a90386b62db9ab04776afc420aa5c81d92e14",
""
],
[
"e",
"cc30c510f79f8fb5552510198f96e4f4df1266b990a1a3667aa6b2b0ce5f28f9"
],
[
"p",
"7cc328a08ddb2afdf9f9be77beff4c83489ff979721827d628a542f32a247c0e",
"wss://relay.damus.io"
],
[
"p",
"dff36e5ee6003413b8a6a2615d1712b453c289dee057c90e9416c3cbde553f22",
"wss://relay.damus.io"
],
[
"p",
"97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322"
]
],
"content": "Then the user shouldn’t specify an auth-required relay in their list ? 🤷\nPerhaps the auth request allow-listing should be per relay not just site. \nI also don’t think a client should connect to arbitrary relays not already approved. The minimum intersection of my explicit relays and those I follow should be all I’d normally expect client connections to. If clients just keep expanding the relay list dynamically as part of the social graph I don’t see how everybody doesn’t end up hitting malicious relays with no control over it.",
"sig": "e9eb1ed4d173cc85154411e1d45d44057f65beaed0a5c8acbdbd0d5e51e62be4a5ed20d69da33b1bbb57b0c542c151ff72ef751483fa63519bf52f150a28c6ec"
}