Nostr Web Client

Start with IPs in a replaceable event instead of fixed urls on each signed event. That's already a huge step.

Can't do https with raw ips normally

Please Login to reply.

You can. Just register the IP on the SSL certificate instead of the domain name.

Certs are centralized too

Yep, but one step at the time.

Add a fragment identifier to the relay urls containing the cert fingerprint? Like this: "wss://69.69.69.69/endpoint #fp =" ?

Pretty sure you can trust the event for the cert fingerprint, if it's wrong you'll just fail to reply or fetch related events.

In fact, does TLS between client and relay really just amount to MITM protection for privacy+censorship resistance?