no, if you want to require auth you should close the connection and respond with `auth-required` to make it explicit that you won't let them pass until they AUTH there's an in-between state (in which I am and why I ask) in which I want to allow people to AUTH but not require it. We already have these as separate verbs so the protocol allows for this expressivity, but I doubt clients will not interpret AUTH as an possibility to auth rather than a requirement
there is a fairly high cost in handshaking that's the reason why i stand by what i say - just accept the connect, drop the messages, think like a firewall, what do you do to defeat a spammer? first port of call is ignoring them
no, I understand that if your relay keeps getting bombarded with clients that are not getting the hint that they won't pass without AUTHing ignoring them makes a lot of sense
it's what the relay should do if the clients don't respond with auth, to conserve resources
btw, i see your client is sending your events to my relay... haha
you have it on your nip-65 right?
lol these stupid codes i suppose if #coracle sends them out then it sends them out ffs how exactly did this improve over relay lists? also, when can we migrate from the retardation of bureaucratic number lists to human readable codes? you know, bureaucracks are fucknig inhuman right?
also, what makes you think that a client sending an auth envelope with a challenge is not a requirement????
you mean a relay right? in my relay it's not a requirement, but because there's no way for the client to initiate the AUTH my relay needs to send an AUTH out of the gate but if the client doesn't want to AUTH it's fine, they can keep using the relay, just with a "limited" view whereas if a relay tells you "auth-required" that's a more explicit signal that you need to AUTH to talk to it (or at least to execute that filter)
yeah that is retarded nip-11 already says auth-required i send auth i want auth no auth silence ping pong ping pong ping pong and no REQ that's what works in the real world, i've kept my client open most of the time in order to gather intelligence about how retarded the clients are and that's my conclusion unless you can forward a GTFO request upstream to your reverse proxy then just entertain them with silence