Replying to lucash.dev

In fact you already have to trust relays for a bunch of stuff.

But not even validating what you can seems a very bad idea.

If validating sigs is too hard for phones — then the protocol doesn’t work for what’s supposed to do — or at least phones aren’t ready to support it yet.

I don’t think it would be that easy to find out for end users. Esp. if most people are using Damus.

It should at very least check a random sample of sigs and have UI for verifying individual notes.

Are sigs really expensive to check, even with Schnorr batch validation?

Quite frankly I wouldn’t have shipped the app without validating sigs. Kinda embarrassing.
82
lucash.dev 2y ago

Are all clients the same? The android one too?

And the web ones?

If that’s the state of Nostr, then you shouldn’t use it on mobile.

I always said Nostr relays were trusted third parties — and the trust model is essentially the same as with existing centralized platforms.

But not even checking sigs removes the one thing Nostr improved.

If you don’t validate sigs you’re much better off just using Twitter.

Reply to this note

Please Login to reply.

Discussion

No replies yet.