clients are running javascript
go talk to the manager of modern software development and report a performance problem
Discussion
i mean, seriously, you want javascript code to recompose a data structure, emit the new text format, hash it, and THEN also validate a signature?
the language barely even has a notion of byte arrays!
ask nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr about his tale of misery involving javascript secp256k1 schnorr (BIP-340) signature verification
it's heavy work
verifying the hash would be cheaper, and a deep compare over several relays would be faster
i don't hate web browsers and javascript for nothing
it's like writing software in 2010 for commodore 64
the reason why the usual json format of #nostr events includes the hash is so they are friendly to databases, that's it, and all
the actual client side verification of events is nasty... and interfacing performant hash and EC code to javascript is extremely clunky
I'm only saying that validation depends on validating the event id AND the signature. Only doing half validation is exactly as secure as doing neither.
But regardless, I think validation is mandatory at any performance penalty.
nostrudel now does this if you enable it, i suspect that many other clients don't, at all
you want to try and change the way protocols are implemented, have fun staying frustrated