the relay needs to know the ephemeral keys, the local signer pubkey and the bunker pubkey, and also the user's pubkey. then it can allow tags to those pubkeys (still unfortunate spam vector) but whatever. and then AUTH prevents you downloading the events if you aren't tagged.
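The policy described in the post above, sketched as an added example that is not part of the original post and not taken from any relay's code. The class name, method names, event dicts and short placeholder pubkeys are all assumptions made for illustration.

```python
# Added illustration: a relay-side policy that accepts events only when they
# tag pubkeys the relay knows, and serves them only to AUTHed, involved keys.
# Placeholder strings stand in for hex pubkeys; all sample data is constructed.
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    # Keys the relay was told about: ephemeral client keys, the local signer,
    # the bunker and the user's own pubkey.
    known: set = field(default_factory=set)

    @staticmethod
    def p_tags(event):
        """Return the pubkeys referenced by the event's "p" tags."""
        return {t[1] for t in event.get("tags", []) if len(t) >= 2 and t[0] == "p"}

    def accept_write(self, event):
        """Accept an event if it tags someone and every tagged pubkey is known.

        The author is deliberately not checked, so any key can still write
        events that tag a known pubkey (the spam vector the post mentions).
        """
        tagged = self.p_tags(event)
        return bool(tagged) and tagged <= self.known

    def allow_read(self, event, authed_pubkey):
        """Serve an event only to an AUTHed pubkey that wrote it or is tagged."""
        if authed_pubkey is None:  # connection never completed AUTH
            return False
        return authed_pubkey == event["pubkey"] or authed_pubkey in self.p_tags(event)


# Constructed sample data.
POLICY = RelayPolicy(known={"ephemeral", "signer", "bunker", "user"})
REQUEST = {"pubkey": "ephemeral", "tags": [["p", "bunker"]]}
FROM_STRANGER = {"pubkey": "stranger", "tags": [["p", "bunker"]]}
TO_UNKNOWN = {"pubkey": "ephemeral", "tags": [["p", "someone-else"]]}

if __name__ == "__main__":
    for name, ev in [("request", REQUEST), ("stranger", FROM_STRANGER), ("unknown", TO_UNKNOWN)]:
        print(name, "write accepted:", POLICY.accept_write(ev))
    for reader in (None, "bunker", "user"):
        print("read by", reader, "->", POLICY.allow_read(REQUEST, reader))
```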
Discussion
Signer can also have random keys
so, what if you could auth via one key, and that lets you send whatever you want? would that work? i want to build better relays, but i keep running into this free-for-all model, nwc is like this too, it won't do basic auth.. so it's hard to decide if i should implement relay for this if nobody will use it.
yeah as an answer to the idiots saying "authing is doxxing myself" i point out that they could easily designate relays they want to identify with a key and the rest can just do one-shots
but you know what, from writing a spider with auth capability i have discovered that not one grants access that requires auth that i don't have an existing relationship with based on that key
not
one
so their paranoid delusions are pure fantasy, in the real world people only make their relay demand auth to access an account tied to a key. the end.