Replying to Avatar mwaters

Why do relays need a SSL certificate ? Aren't the messages encrypted and signed ?
Avatar
cloud fodder 2y ago

Ya, they are, but with SSL you don't risk any kind of mitm shenanigans..

I spent some time verifying that nostr apps do check sigs. All the ones I checked except for damus check sigs.. it's a good thing to verify this in your clients, easy for devs to skip it to make a faster feeling app.

Reply to this note

Please Login to reply.

Discussion

Avatar
mwaters 2y ago

Thanks for checking the clients and responding to my question.

Aren't the SSL issuing authorities and domain registrars also an opportunity for MITM attacks?

Avatar
cloud fodder 2y ago

a weakness in 'true' decentralization for sure