 We should write a low level DNS server that accepts requests for naddr domains and returns proper DNS records.

It should return all IPs and tag them with the pubkey so clients can leverage their WoT to pick the best. 
 I applaud this effort.  I am curious if you will also do something with certificate issuance, nostr will need to become a 'certificate authority' as well.  Or use ws:// and http:// instead of wss:// and https://

It is theoretically possible to have certificates for an IP address signed by a certificate authority but Let's Encrypt doesn't support it.

The other option I suppose is have clients able to accept and store the certificate for that IP one time only.

The problem with ws:// is that it's easy to man-in-the-middle, so even though nostr uses sigs it still needs encryption on the connection. E.g. on Tor or a VPN you're gonna get manipulated pretty hard without encryption.
 MITM isn’t the issue… it’s the inability to resolve without the NNS note.

If you want to connect to a new relay and you only have the NNS name of the new relay, you literally can’t connect if your current set of relays don’t know its IP.

You literally have to ask your relays for permission to join new relays… because if they withhold the IP, you can’t resolve the NNS and you’re fucked. 
 MITM is a secondary issue compared to the inability to connect to new relays. 
 Well that and I'm curious how can it have the names 'owned' by anyone, what is it gonna just be a free for all?  I guess just web of trust fixes it handwaves etc?  Like anyone can own any name, multiple owners of a name?  🤔😁 So you could take over a name by being more popular.  Very interesting world it will be eh?  #web5000 
 There will be a million name conflicts too, yes. Good point. This is a pile of garbage. It’s a fork of nostr that I won’t follow. 
 So we can’t try stuff out is what you are saying?
 You should try stuff in your head and decide not to code it.

These problems are easy to sniff out beforehand.

But I guess that’s what these discussions are for too. 
 Honestly, there’s no way nostr will expand without a few changes… but this NIP creates more problems than it solves. 
 Propose a better solution, have some stake in the game at the very least so we can entertain it. 
 The spec of the better solution will be released before the next @thenostrworld 

After @HORNETS launches on the 4th of July 🚀

Buckle-up. 🎢 
 We aren’t coding anything, it’s a proposed NIP and we are having a discussion about it? Calling it a pile of garbage because obviously you know better and saying you won’t use it because apparently you think so highly of yourself isn’t helping this discussion.

But fine, it’s a pile of garbage, what's your solution? I bet it’s perfect.
 We do have a solution… Development is already underway. You’ll see soon enough. It scales outbox.

I outlined exactly why NNS breaks — but you only focused on the mean part of my comment. Focus on the meat of what I said before that.

When the spec is ready, I’ll make sure to share it here first. I’m drowning in work atm preparing for launching @HORNETS on the 4th of July, but after that it and Nestr are my main focus.

Be patient and I promise not to disappoint. 🙏 I’ve been trying to scale the CAP Theorem parameters of Nostr for 2 years straight now, so I get disgruntled when I see half-baked solutions that make relay discovery even more difficult. 
 Great. Don’t get mad at other people trying out their ideas too just because you have yours.

Let the best idea win out in the game. 
 Mate, that’s not it at all… if you can’t take criticism, pack-up shop now.

I’m just pointing out why NNS doesn’t scale. It’s nothing personal. 
 I agree — let the best ideas win.

I’ll see you guys on the other side, where there are no URLs or missing notes. 🚀 
 You can only own names under your own pubkey.
There will be no collision.
We can’t have any certificate authority because that is centralized by nature.

Not sure how we will solve the SSL/TLS part of the equation but that’s another problem.
 So the naddr contains both the owner's pubkey and the relay's IP address?  That could work.  It didn't mention that in the spec..
 Sure, public keys work as domains. Did you see the main issue I outlined though? This NIP literally siloes you into the relays you’re connected to & the relays they’re in-sync with.

If you try to resolve an NNS outside of that corner of the network, you won’t be able to resolve the IP. This literally centralizes the Nostr network. 
 Sounds like a great way to totally break the outbox model. What happens when I want to connect to an outbox relay and none of my current relays have its NNS? It literally breaks.