I agree that you can have your IP addresses rug-pulled just like you can have your DNS rug-pulled. But using a keypair for a relay solves some other things. It allows a single relay to serve multiple endpoints (e.g. IPv4, IPv6, Tor). It avoids the confusion of clients not knowing if a URL path is a new relay or the same relay. And it allows relays to switch endpoints in the event that DNS and IP addresses are both pulled, without all the clients not being able to know that it is the same relay. Also, CAs won't need to be trusted anymore if we use that keypair for TLS. CAs are such a scam. I've done some development on this, but haven't gotten it working with secp256k1 keypairs yet (I think I can, but it would not be standards compliant and wouldn't interoperate with other SSL software). But this change is massively disruptive to how nostr currently works. Relay URLs are all over the place currently. Maybe there is a migration path, but it seems rugged with a lot of switchbacks, and you'll have to carry a water bottle to make it to the end.

Replies (2)

But why not just blockchain domains and TLS fingerprinting or DANE? No CAs in the mix, and if you lose your IP then just pick up another, domain stays the same. It's dynamic resolution, alt-root updates are instant more or less, and you stick to URLs. Going after the entire network fabric is cool and all, but is there really a need?