Nostr

Yes, you can use IP directly. I am not sure about the CA cert, but you can definitely do CA on the IP level and not in the domain level.

But my main point is that clients need to find events. And the way we do it today is based on fixed relay sets. Nip65 allows people to migrate from relay to relay AND tell everyone following them where all the events can be found, similar to an update in the DNS registry to a new IP.

5dcd8ebc... 2y ago

"you can definitely do CA on the IP level and not in the domain level" - doesn't help with cabal certs. It's better to use a mesh ipv6 vpn and skip the redundant TLS layer. Non-cabal certs require another browser extension (and standard metadata for apps to know when to veto a cabal CA signature).

Reply to this note

Please Login to reply.

Discussion

Dimi 2y ago

https://github.com/markqvist/Reticulum

Thoughts?

Vitor Pamplona 2y ago

I have not tested self certificates, but it could work in native (user can choose to trust). I am not sure about web clients, though.

5dcd8ebc... 2y ago

Browsers let you add your own CAs, no problem. What they DON'T do is provide a way to NOT trust a CA for all domains.