I guess we could draw inspiration from SSH on that one, storing the server's pubkey the first time we connect there and then making the server answer a challenge every time we connect. But anyone can connect to a relay (without trying to pose as it) and listen to public events.

Discussion

Yep. I need to make sure if somebody in China connects with a US relay, that the US relay is the one being connected to.

Is this in order to make sure a proxy relay wouldn't shadow ban the user or filter what they receive?

To make sure you don't get censored by your own relay (through a government relay without you knowing about it). If gov is in the middle, you can sign as much as you want. The message is not going out.

Yeah, I'm unsure how that could be implemented, unless you're (like SSH haha) encrypting the client<->relay comms (which might also be on top of HTTPS, as most relays run websockets over https) using the server's "known" pubkey.

Is there a protocol to make sure the key used for the wss is the expected one? Or is it like https where the client just takes any valid certificate that comes in?

The HTTPS certificate needs to correspond to the relay's domain and be signed by a valid entity. But I wouldn't be surprised if Chinese software had a Government-issued root certificate authority, which means the gov could craft certificates that'd be "valid".
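
As an added example (not part of the thread, and not code from any Nostr client): a trust-on-first-use pin on the relay's TLS certificate, the SSH-style idea from the discussion applied to the wss connection, so that a certificate which validates against some installed root CA but differs from the one seen before is still flagged. It assumes pinning the whole leaf certificate by SHA-256; `relay_pins.json`, the function names and `relay.example` are hypothetical.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path

PIN_FILE = Path("relay_pins.json")  # hypothetical store, plays the role of known_hosts

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate the relay presented."""
    return hashlib.sha256(der_cert).hexdigest()

def fetch_cert(host: str, port: int = 443) -> bytes:
    """Do normal CA and hostname validation, then return the leaf cert (DER)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Trust on first use; afterwards the fingerprint must stay the same."""
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        pins[host] = seen            # first contact: remember it (unauthenticated)
        return "first-use"
    # A CA-valid but different certificate lands here as a mismatch;
    # the stored pin is deliberately not overwritten.
    return "match" if hmac.compare_digest(known, seen) else "mismatch"

def load_pins(path: Path = PIN_FILE) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}

def save_pins(pins: dict, path: Path = PIN_FILE) -> None:
    path.write_text(json.dumps(pins, indent=2))

if __name__ == "__main__":
    # Constructed stand-ins for two DER certificates, so this runs offline.
    # With network access, use fetch_cert("relay.example") instead.
    original, substituted = b"constructed-cert-A", b"constructed-cert-B"
    pins = {}
    for cert in (original, original, substituted):
        print(check_pin(pins, "relay.example", cert))
```

As with SSH, the first connection is taken on faith, and a legitimate certificate renewal also shows up as a mismatch that the user has to confirm out of band.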