Does it make sense to increase proof of work gradually when someone starts to spam?

Discussion

It would be nice for clients to check for frequency of posts and replies and maybe content? But I feel these can be bypassed too. After the check is done I guess report it to relays, relays could also gossip and block pubkeys and IPs as a rate limit.

A system for increasing difficulty with frequency might make some sense, but falls flat when considering Sybil attacks, i.e. they can always generate new keys at no cost, and keys are how you establish frequency to begin with. However, one could also require difficulty in keys. Mine took a machine that can handle 32 threads over 3 days to find.

Makes sense but I would use the IP for this.

That's trivial for clients to spoof if there is a motivated actor, even more so if they use IPv6. Plus, a system predicated on doxxing your users is... not great.

IPv4 is costly. We could disable 6. No one is doxxing, banning the spammers is just protecting.

I’m using rate limiting with a burst limit for now. That allows for posting multiple chained events over a shorter period, but also caps out at the same max events/minute, etc.

I think there are two kinds of rate limiting for publishing events. One is perhaps IP based (often unique pubkey flooding), but if other relays or users broadcast/push events that may need higher limits. Another is author/pubkey based, but again hydrating backed up events would trigger this.

Another issue is PoW requirements could be different per relay at that point in time. It’s easy to broadcast to many and have some work. It’s a tricky problem all round.

Honest Nostr clients should use an outbox system anyway (perhaps with per relay success tracking), so rate limits should just be a delay to eventual posting.

Yes. Big time window to allow bursts makes sense. I think PoW requirement should be reported back to client and client can then send another one with higher PoW.
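
An added sketch of what this thread describes, not code from any participant or relay implementation: a per-pubkey token bucket with a burst allowance that, once drained, demands a rising number of NIP-13 leading zero bits and returns the requirement so the client can re-mine. The class name, parameters and thresholds are assumptions, and keying on pubkey does not cover the freshly generated keys raised earlier in the thread.

```python
from dataclasses import dataclass

def leading_zero_bits(event_id_hex: str) -> int:
    """NIP-13 difficulty: leading zero bits of the hex-encoded event id."""
    return len(event_id_hex) * 4 - int(event_id_hex, 16).bit_length()

@dataclass
class Bucket:
    tokens: float
    last: float
    overdraft: int = 0  # events admitted on PoW since the bucket was last full

class EscalatingLimiter:
    """Hypothetical relay-side policy: free burst, then PoW that grows per event."""
    def __init__(self, burst=5, per_minute=10, base_bits=8, step_bits=2, max_bits=28):
        self.burst, self.rate = burst, per_minute / 60.0
        self.base, self.step, self.max = base_bits, step_bits, max_bits
        self.buckets = {}

    def _refill(self, pubkey, now):
        b = self.buckets.setdefault(pubkey, Bucket(self.burst, now))
        b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= self.burst:
            b.overdraft = 0  # a full quiet period resets the escalation
        return b

    def admit(self, pubkey, event_id_hex, now):
        """Return (accepted, required_bits); required_bits is 0 inside the burst."""
        b = self._refill(pubkey, now)
        if b.tokens >= 1:
            b.tokens -= 1
            return True, 0
        required = min(self.max, self.base + self.step * b.overdraft)
        if leading_zero_bits(event_id_hex) >= required:
            b.overdraft += 1
            return True, required
        # The relay would report `required` in its rejection so the client's
        # outbox can re-mine the event and retry instead of dropping it.
        return False, required

if __name__ == "__main__":
    lim = EscalatingLimiter(burst=2, per_minute=6, base_bits=8, step_bits=4)
    no_pow = "ff" * 32          # constructed event id, 0 leading zero bits
    pow8 = "00" + "ff" * 31     # constructed event id, 8 leading zero bits
    for eid in (no_pow, no_pow, no_pow, pow8, pow8):
        print(lim.admit("pk-constructed", eid, now=0.0))
```
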