Subnostr

mwaters 2y ago

Why do relays need a SSL certificate ? Aren't the messages encrypted and signed ?

Reply to this note

Please Login to reply.

Discussion

cloud fodder 2y ago

Ya, they are, but with SSL you don't risk any kind of mitm shenanigans..

I spent some time verifying that nostr apps do check sigs. All the ones I checked except for damus check sigs.. it's a good thing to verify this in your clients, easy for devs to skip it to make a faster feeling app.

mwaters 2y ago

Thanks for checking the clients and responding to my question.

Aren't the SSL issuing authorities and domain registrars also an opportunity for MITM attacks?

cloud fodder 2y ago

a weakness in 'true' decentralization for sure