you have to do a challenge because otherwise you enable playback attacks and MITM
DM is the CLI of nostr, almost nobody has developed it yet tho, even though potential
mainly because of authentication
https://github.com/Hubmakerlabs/replicatr/blob/main/app/chat.go
this is some code i wrote that provides a bypass to allow auth as with NIP-42 but manually in DM
Discussion
Server can keep track of ids and disallow timestamps that are out of bounds. No need for a challenge