Replying to Avatar Lez

For one, we have relays, they have pubkeys, and yet, we still rely on the certificate chain.

In a better world, relay lists should contain the relay host (or better, its IP) AND its pubkey, and those pubkeys should be directly used in diffie-hellmann key exchange when initializing secure connection.

The problem with this approach is that there is - to my knowledge - no technology embedded in browsers by default that achieves it effectively.
Avatar
Freakoverse 5d ago

Already worked on / working on what you're thinking. On what I've built (still in-dev) resulted in no more reliance on DNS at all, IANA / IP can 'not' be the identity target but rather an NPUB would be, and there's no reliance on CA to co-sign your cert, you self-sign and it's still secure without a need for validity expiration.

Here's a short demo:

https://files.catbox.moe/84bw6j.mp4

Reply to this note

Please Login to reply.

Discussion

No replies yet.