lucash.dev on Nostr: In fact you already have to trust relays for a bunch of stuff. But not even ...
In fact you already have to trust relays for a bunch of stuff.
But not even validating what you can seems a very bad idea.
If validating sigs is too hard for phones — then the protocol doesn’t work for what’s supposed to do — or at least phones aren’t ready to support it yet.
I don’t think it would be that easy to find out for end users. Esp. if most people are using Damus.
It should at very least check a random sample of sigs and have UI for verifying individual notes.
Are sigs really expensive to check, even with Schnorr batch validation?
Quite frankly I wouldn’t have shipped the app without validating sigs. Kinda embarrassing.
But not even validating what you can seems a very bad idea.
If validating sigs is too hard for phones — then the protocol doesn’t work for what’s supposed to do — or at least phones aren’t ready to support it yet.
I don’t think it would be that easy to find out for end users. Esp. if most people are using Damus.
It should at very least check a random sample of sigs and have UI for verifying individual notes.
Are sigs really expensive to check, even with Schnorr batch validation?
Quite frankly I wouldn’t have shipped the app without validating sigs. Kinda embarrassing.