I was under the assumption to interact with signed content and while I see a performance challenge, not checking the signatures at all cannot be the solution. I'd be fine with a background thread checking signatures, especially of not explicitly trusted relays. So if I explicitly trust relay.x to check signatures, the client could check events from relay.y for either having come from relay.x, too or in a deferred manner check signatures and if any invalid signature is found, flag the relay as bad mark events from it as not checked until they are checked.
Here's Thomas, causing me to notice Damus doesn't check signatures about 6 months before this other security team. Will's fix was just to add a dialog that says don't connect to relays that you don't "trust" and Jack said "Everything comes down to trade offs. Important that it is ultimately verifiable, and that if you require it you could use another client (if the option doesn’t exist to turn it on/off)."
https://nostr.band/note1jz0hgxlhlazxx3nqj06zex5q2eerprtrgssf9whjzx7ps2ufx4dstvl46p
Then here's Vitor fixing the same problem for amethyst same day.
https://nostr.band/note1dnej4y7zu5tgq7kryrq25dmr88lmhzdt0s4vk4gte0ppm0a672asj47g7e
Anyway, just sayin' .. told ya. Nostr without signatures is an abomination, I don't care how slow it is.
Discussion
No replies yet.