Then the user shouldn’t specify an auth-required relay in their list? 🤷

Perhaps the auth request allow-listing should be per relay not just site.

I also don’t think a client should connect to arbitrary relays not already approved. The minimum intersection of my explicit relays and those I follow should be all I’d normally expect client connections to. If clients just keep expanding the relay list dynamically as part of the social graph I don’t see how everybody doesn’t end up hitting malicious relays with no control over it.

Discussion

Exactly. Ultimately I agree that granular control is the target; this is just a UX stopgap.

How does anyone know they are auth required or not? But I'd say if they are, then that's sorta creepy if you aren't paying.

The NIP-11 relay info response has a place where relays can specify auth is required.

If auth is required and the client doesn’t handle it well, then it will just get NOTICEs in response to every REQ and be oblivious to the fact that none of them ever return responses. There’s no way to actually have a failed REQ, unfortunately, other than never giving answers.

This will be a problem down the track.
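
An added example (not from any participant in the thread, nor from any client's code) combining two ideas discussed above: reading `limitation.auth_required` from a relay's NIP-11 document, and allow-listing AUTH per relay rather than per site. The function names, the `policy` shape and the relay URLs are assumptions made for illustration.

```javascript
// Added example: per-relay AUTH policy driven by the NIP-11 info document.
// A client gets this document with an HTTP GET to the relay's URL using the
// header "Accept: application/nostr+json"; here the documents are constructed
// samples so the code runs offline.

// Canonical form for comparing relay URLs; rejects anything but wss://.
function normalizeRelay(url) {
  const u = new URL(url);
  if (u.protocol !== "wss:") throw new Error("not a wss relay: " + url);
  return "wss://" + u.host + u.pathname.replace(/\/+$/, "");
}

// Returns true/false from limitation.auth_required, or null when the relay
// does not say (missing field, wrong type, or unparseable document).
function authRequired(infoJson) {
  let doc;
  try { doc = JSON.parse(infoJson); } catch (e) { return null; }
  const v = doc && doc.limitation && doc.limitation.auth_required;
  return typeof v === "boolean" ? v : null;
}

// policy.approved: relays the user listed explicitly (hypothetical shape).
// policy.authAllowed: subset of those the user allowed to receive AUTH.
function decide(relayUrl, infoJson, policy) {
  const relay = normalizeRelay(relayUrl);
  if (!policy.approved.has(relay)) return "skip: not approved";
  const needsAuth = authRequired(infoJson);
  if (needsAuth === true) {
    return policy.authAllowed.has(relay) ? "connect, answer AUTH"
                                         : "skip: auth required, not allowed";
  }
  // false or unknown: connect, but only answer AUTH where the user allowed it.
  return policy.authAllowed.has(relay) ? "connect, answer AUTH if challenged"
                                       : "connect, ignore AUTH";
}

// Constructed sample data.
const policy = {
  approved: new Set(["wss://relay.example.com", "wss://paid.example.net"]),
  authAllowed: new Set(["wss://paid.example.net"]),
};
const openInfo = '{"name":"open","limitation":{"auth_required":false}}';
const authInfo = '{"name":"paid","limitation":{"auth_required":true}}';

console.log(decide("wss://Relay.Example.com/", openInfo, policy));
console.log(decide("wss://paid.example.net", authInfo, policy));
console.log(decide("wss://relay.example.com", authInfo, policy));
console.log(decide("wss://unknown.example.org", openInfo, policy));
```

A relay that omits the field is treated as unknown rather than as open, so the decision to sign an AUTH challenge still rests on the user's per-relay allow-list.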