Say I am connected to wine and some other shitty relay I once trusted. This shitty relay gets compromised and sends me a NOTIFY invoice to pay for my wine subscription.

It is then up to the client's implementation making sure to properly inform the user which relay sent the NOTIFY.

If the NOTIFY message is exactly the same as the one I am used to getting from wine, I may fat finger it.

Also, while difficult to achieve, man in the middle attacks can also exploit users into paying for nefarious invoices.

This is a cool feature but sounds dangerous without relay key/signature in place.

Am I getting this wrong or time for a NIP for an extra relay trust layer which is not handled by transport/os?