Nostr Web Client

I wonder if per-event signing like Nostr might even be a net negative? Homeserver as source of truth sounds balanced for me—events flying around the indexer or however that works I think maybe I'd rather not be signed, that gives plausible deniability when needed and plausible deniability can be very useful. On the flip slide, if someone is suspicious and does want to verify an indexed event of mine then just have a look at my homeserver, not so hard.

Big Bad John 8mo ago

We did not include signing all data for a reason. It doesn't actually fix anything.

Some of the problems people quote to justify signing everything are only theoretical problems (you never hear about trusted servers mutating data really,, despite it being possible). And all of the problems signing introduces are ignored.

If you want attestation or proofs there are better ways to do it either incidentally or inherently with tree structures.

I'd rather have a mirror/watchtower than a bunch of floating signed messages inconsistently available across relays.

Reply to this note

Please Login to reply.

Discussion

Garbage nsec 8mo ago

Yeah I'm open to that argument. Confidence is a lowest common denominator; if you're confident data is being signed but not not confident it's being made locatable and available then stands to reason you're not confident overall and would still need some fallback anyway.