Just allow clients to accept hash of the nsec