So WebTransport still fails us in a few ways:

* You still lose Tor support. Tor is TCP based.

* You can't connect to a server and verify it by its public key; you have to have a hash of its certificate somehow.

* Client-side certificates still use Web PKI, so can't be used for AUTH.

* You layer on a lot of complexity (https://www.w3.org/TR/webtransport/ is not straightforward) with marginal benefits.

I agree with nostr:npub1w4jkwspqn9svwnlrw0nfg0u2yx4cj6yfmp53ya4xp7r24k7gly4qaq30zp about being "connection type agnostic". A message-based protocol can run over any transport, including Bluetooth, or paper airplanes.


Discussion

I think it's worth digging a little.

I'm not big on TOR at all, so if that's a game-changer then fair.

Tying a public key to a long-lived hash may be doable, though you'd need a refresh mechanism for when the browser forces. Again though worth digging.

For Web PKI I read chatter before on some kind of push for secondary authentication, who knows, all very new.

Complexity, no doubt.

But I will say that if the performance you get with iroh holds up then it might be worth every trade-off. For me, p2p with this kind of performance is just nuts. Never in my internet history.
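
An added example, not code from either poster: the certificate-hash requirement from the first note and the refresh idea from the reply, sketched as a client-side pin selector for WebTransport's `serverCertificateHashes` option. The spec only accepts pinned certificates valid for at most two weeks, so a long-lived identity has to keep publishing fresh hashes. The pin record fields (`sha256`, `notBefore`, `notAfter`), the one-day refresh margin and the idea that the list arrives over a channel the client already trusts (for instance signed by the server's long-term key) are assumptions; the sample data is constructed.

```javascript
// Added example. Pin record shape and refresh margin are assumptions, not a standard.
const DAY_MS = 24 * 60 * 60 * 1000;
const MAX_VALIDITY_MS = 14 * DAY_MS; // WebTransport: pinned certs may be valid for at most 2 weeks

function hexToBytes(hex) {
  if (!/^[0-9a-f]{64}$/i.test(hex)) throw new Error("expected a 32-byte SHA-256 digest in hex");
  const out = new Uint8Array(32);
  for (let i = 0; i < 32; i++) out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  return out;
}

// Pick the pins usable at `now` (ms since epoch) and say when to fetch a new list.
function selectPins(pins, now, refreshMarginMs = DAY_MS) {
  const usable = pins.filter((p) => {
    const notBefore = Date.parse(p.notBefore);
    const notAfter = Date.parse(p.notAfter);
    // Unparseable dates give NaN, every comparison is false, and the pin is dropped.
    return notAfter - notBefore <= MAX_VALIDITY_MS && notBefore <= now && now < notAfter;
  });
  if (usable.length === 0) throw new Error("no usable pin: fetch a fresh pin list");
  const lastExpiry = Math.max(...usable.map((p) => Date.parse(p.notAfter)));
  return {
    // Pass this object as the second argument of `new WebTransport(url, options)`.
    options: {
      serverCertificateHashes: usable.map((p) => ({
        algorithm: "sha-256",
        value: hexToBytes(p.sha256),
      })),
    },
    refreshAt: lastExpiry - refreshMarginMs,
  };
}

// Constructed sample pin list (digests are filler bytes, not real certificates).
const SAMPLE_PINS = [
  { sha256: "aa".repeat(32), notBefore: "2024-05-01T00:00:00Z", notAfter: "2024-05-14T00:00:00Z" },
  { sha256: "bb".repeat(32), notBefore: "2024-05-08T00:00:00Z", notAfter: "2024-05-21T00:00:00Z" },
  { sha256: "cc".repeat(32), notBefore: "2024-04-01T00:00:00Z", notAfter: "2024-07-01T00:00:00Z" }, // too long-lived
  { sha256: "dd".repeat(32), notBefore: "2024-04-10T00:00:00Z", notAfter: "2024-04-20T00:00:00Z" }, // expired
];
```

Publishing the next certificate's hash before the current one expires, as the two overlapping sample entries do, lets clients roll over without a window in which no pin matches.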