I like it, but signing every response is a pain, and its utility is relative, since the contained events are signed; so if an IP is reused by a bad actor the worst result would be the receiving of random events inconsistent with the request.

Maybe we can simply add a PING call, that generates a signed "PONG" response, so a client can every now and then verity the relay IP.