ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ's avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ me@mleku.dev 4 months ago
yeah, there's a lot of areas that the nips are lagging way behind what is actually being used. the "gobbledygook" is regular JSON data. it should be simple to define a thing where there is an app identifier as the keys in the object and then that contains arbitrary json. then the apps wouldn't be clobbering each other's format. it really needs a nip to at least explain this. but client devs are a bit dim and none of them have even thought for a moment about cross-client interop with this feature. probably it would be a lot better if the events were addressable and the label was the app name. i'm not gonna waste my time trying to explain this to either teh nip guardians or the app devs tho. when i make a client, i will define a protocol that is interoperable and then just sorta subtly POINT IT OUT a few times. ideally, i make several clients and then i make it so they interop to demonstrate the principle.
↑ Parent

Replies (1)

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ's avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ me@mleku.dev 4 months ago
also, what is up with freaking out about signers signing and encrypting events anyway? a) nobody else can read it and b) outside the timing of the signals it leaks no information except maybe the app being used. the combined single event encrypted with object with multiple tags for different apps avoids that metadata leak. i don't get what the paranoia is about encrypted events. sure, non-encrypted events being signed willy nilly ok, but if the event is encrypted, it's already one step lower on the risk level.