Default avatar
npub10npj...tl5h 2 weeks ago
I was just looking into that a few days ago. There is only one giftwrap in whitenoise proto. For being invited into a group. After that it's built for wide open download for all those events. The changing/rotating of the keys is it's only protection (nothing on the internet I know of exposes it's data that widely).. Seemed strange to me. But your assessment is correct and using AUTH does not seem like it can help them much. (other than protecting the join event).
↑ Parent

Replies (1)

mleku's avatar
mleku mleku@smesh.lol 2 weeks ago
ohhh hmmm that's a big problem, i just finally noticed after reading twice what you mean. how are you going to stop the relay in one way or another knowing who sent the messages either which way. by auth, then at best you can use a bloom filter to identify who is allowed, but then the auth event reveals membership pretty quickly anyway. literally, MLS *requires* trusting the relay, or am i misreading this?
1 replies ↓