We should write a low level DNS server that accepts requests for naddr domains and returns proper DNS records.
It should return all IPs and tag them with the pubkey so clients can leverage their WoT to pick the best.
Discussion
I applaud this effort. I am curious if you will also do something with certificate issuance, nostr will need to become a 'certificate authority' as well. Or use ws:// and http:// instead of wss:// and https://
It is theoretically possible to have certificates for an IP address signed by a certificate authority but let's encrypt doesn't support it.
The other option I suppose is have clients able to accept and store the certificate for that IP one time only.
The problem with ws:// is that it's easy to man-in-the-middle, so even though nostr uses sigs it still needs encryption on the connection. Eg. on TOR or vpn you gonna get manipulated pretty hard without encryption.
MITM isnāt the issueā¦ itās the inability to resolve without the NNS note.
If you want to connect to a new relay and you only have the NNS name of the new relay, you literally canāt connect if your current set of relays donāt know its IP.
You literally have to ask your relays for permission to join new relaysā¦ because if they withhold the IP, you canāt resolve the NNS and youāre fucked.
MITM is a secondary issue compared to the inability to connect to new relays.
Well that and I'm curious how can it have the names 'owned' by anyone, what is it gonna just be a free for all? I guess just web of trust fixes it handwaves etc? Like anyone can own any name, multiple owners of a name? š¤š So you could take over a name by being more popular. Very interesting world it will be eh? #web5000
There will be a million name conflicts too, yes. Good point. This is a pile of garbage. Itās a fork of nostr that I wonāt follow.
So we canāt try stuff out is what your are saying?
You should try stuff in your head and decide not to code it.
These problems are easy to sniff out beforehand.
But I guess thatās what these discussions are for too.
Honestly, thereās no way nostr will expand without a few changesā¦ but this NIP creates more problems than it solves.
Propose a better solution, have some stake in the game at the very least so we can entertain it.
The spec of the better solution will be released before the next nostr:npub1nstrcu63lzpjkz94djajuz2evrgu2psd66cwgc0gz0c0qazezx0q9urg5l
After nostr:npub1h0rnetjp2qka44ayzyjcdh90gs3gzrtq4f94033heng6w34s0pzq2yfv0g launches on the 4th of July š
Buckle-up. š¢
We arenāt coding anything, itās a proposed NIP and we are having a discussion about it? Calling it a pile of garbage because obviously you know better and saying you wonāt use it because apparently you think so highly of yourself isnāt helping this discussion.
But fine, itās a pile of garbage, whats your solution? I bet itās perfect.
We do have a solutionā¦ Development is already underway. Youāll see soon enough. It scales outbox.
I outlined exactly why NNS breaks ā but you only focused on the mean part of my comment. Focus on the meat of what I said before that.
When the spec is ready, Iāll make sure to share it here first. Iām drowning in work atm preparing for launching nostr:npub1h0rnetjp2qka44ayzyjcdh90gs3gzrtq4f94033heng6w34s0pzq2yfv0g on the 4th of July, but after that it and Nestr are my main focus.
Be patient and I promise not to disappoint. š Iāve been trying to scale the CAP Theorem parameters of Nostr for 2 years straight now, so I get disgruntled when I see half-baked solutions that make relay discovery even more difficult.
Great. Donāt get mad at other people trying out their ideas too just because you have yours.
Let the best idea win out in the game.
You can only own names under your own pubkey.
There will be no collision.
We canāt have any certificate authority because that is centralized by nature.
Not sure how we will solve the SSL/TLS part of the equation but thatās a another problem.
So the naddr contains both the owners pubkey and the relays IP address? That could work. It didn't mention that in the spec..
Sure, public keys work as domains. Did you see the main issue I outlined though? This NIP literally siloes you into the relays youāre connected to & the relays theyāre in-sync with.
If you try to resolve an NNS outside of that corner of the network, you wonāt be able to resolve the IP. This literally centralizes the Nostr network.
Sounds like a great way to totally break the outbox model. What happens when I want to connect to an outbox relay and none of my current relays have its NNS? It literally breaks.