Replying to Avatar daniele

I like it, but signing every response is a pain, and its utility is relative, since the contained events are signed; so if an IP is reused by a bad actor the worst result would be the receiving of random events inconsistent with the request.

Maybe we can simply add a PING call, that generates a signed "PONG" response, so a client can every now and then verity the relay IP.
Avatar
Constant 6mo ago

Agreed, this part got me wondering.

Thing is, not all request are as explicit such that you know what you are getting is "wrong"; therefor to the extend you rely on the moderation/censorship performed by the relay, this breaks in such an attack.

A handshake and/or periodical check should cover most attacks other than some super sophisticated targeted ones where networks themselves are pwnd, though im not sure about that.

I'd say those would be marginal enough to deem the measure sufficient

Reply to this note

Please Login to reply.

Discussion

No replies yet.