patrick on Nostr: Then the user shouldn’t specify an auth-required relay in their list ? 🤷 Perhaps ...
Then the user shouldn’t specify an auth-required relay in their list ? 🤷
Perhaps the auth request allow-listing should be per relay not just site.
I also don’t think a client should connect to arbitrary relays not already approved. The minimum intersection of my explicit relays and those I follow should be all I’d normally expect client connections to. If clients just keep expanding the relay list dynamically as part of the social graph I don’t see how everybody doesn’t end up hitting malicious relays with no control over it.
Perhaps the auth request allow-listing should be per relay not just site.
I also don’t think a client should connect to arbitrary relays not already approved. The minimum intersection of my explicit relays and those I follow should be all I’d normally expect client connections to. If clients just keep expanding the relay list dynamically as part of the social graph I don’t see how everybody doesn’t end up hitting malicious relays with no control over it.