I actually want to see it on kind 0 (or at least, it should only be over the pubkey + nonce, it could still be attached to kind 1s though).
On kind 1s, a spammer and a legitimate user are on completely equal footing, whereas on kind 0, the spammer needs to regenerate a new POW for every new account (once it gets blocked) and a legitimate user only needs to generate it once, which means the legitimate user can invest more into their single proof.
Reminds me of powmem https://github.com/telamon/powmem
Interesting idea. IMHO the more hashing the better
nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpz4mhxue69uhk2er9dchxummnw3ezumrpdejqzxrhwden5te0wajkccm0d4jjumn0wd68ytnhd9hx2qg5waehxw309aex2mrp0yhxgctdw4eju6t0dkf2rh you authored NIP-13 which commits to almost the entire event. I think PoW for individual keys is asymmetric in favor of legitimate users, vs PoW for individual events, am I off base here?
