You're sorta talking over my head, I'm afraid. I can't figure out the auth thingy. Who authorizes who when? I need a diagram, or something.
Discussion
Auth is for controlling reads. Without it currently, anything can be read.
Ah, yes. Yes, there's no way to limit reads. No way to be private.
auth is just asking you to prove ownership of a public key
this acts as at least a temporary identity for a session
at best a way to prove you deserve to access privileged data (your DMs)
it is identical in every respect except algorithms to how all password authentication systems work - it's not the password that is stored, it is the hash of the password...
NIP-42 is like CHAP, which is used for dialup and ADSL internet, it sends you a random string, you generate a response, and only the valid password produces a valid response
Ah okay.