Replying to Avatar Bauzen

Possible to elaborate on this for non-tech people?
Avatar
Mazin 2y ago

Sure. A nostr event is structured like this:

{"pubkey":"3d842afecd5e293f28b6627933704a3fb8ce153aa91d790ab11f6a752d44a42d","content":"Reminder: many nostr clients do not validate event signatures. Choose your relays carefully.\n\nGood morning.","id":"4507934f647958e934f3b67fff32c7b5a4b9e5f42042cf98f2f10ba0159db6bb","created_at":1695042973,"sig":"7cc63f85f2b7956280a7124aca7add92741c9f26b78843a082a2c65c79aa4510e7fb097f5c3d3c1f97e4a445e2673c5b955f19ab02d5630b4d1189cfdf4d4652","kind":1,"tags":[]}

The “sig” field is used to validate that my private key signed the note. Most (all?) relays validate these signatures as the event comes in before storing it. Most clients do NOT validate the signature when receiving events from relays. The risk of not validating is that a relay could alter a users notes without detection.

Reply to this note

Please Login to reply.

Discussion

Avatar
Bauzen 2y ago

Thank you for that… 🙏

Would verifying the sig slow down the process of loading feeds?

I recall Nostr being super slow, and now it has sped up… but is this the reason?

Or is this purely a security feature to prevent anything/anyone to potentially alter a note?

Avatar
Mazin 2y ago

Correct, it’s a performance trade off. Some clients like Nostur (made by nostr:npub1n0sturny6w9zn2wwexju3m6asu7zh7jnv2jt2kx6tlmfhs7thq0qnflahe) have a toggle to turn validation on and off.

Avatar
Bauzen 2y ago

Perhaps some performance trade-offs sacrificed by these clients who verify can be mitigated by implementing a smoother scrolling UX like primal vs damus… but at the end of the day, the notes don’t load fast as is, we would all need to adopt paid relays right off the bat, just to handle the volume of data.