I applaud this effort.  I am curious if you will also do something with certificate issuance, nostr will need to become a 'certificate authority' as well.  Or use ws:// and http:// instead of wss:// and https://

It is theoretically possible to have certificates for an IP address signed by a certificate authority but let's encrypt doesn't support it.

The other option I suppose is have clients able to accept and store the certificate for that IP one time only.

The problem with ws:// is that it's easy to man-in-the-middle, so even though nostr uses sigs it still needs encryption on the connection. Eg. on TOR or vpn you gonna get manipulated pretty hard without encryption.