Oddbean

“my point is that a user can be told "oh, you can't see my notes, connect to my wss://evil-relay.com" -- I don't do any due diligence before manually adding a new relay to my list, I expect my client to not get buffer overflowed and leak my nsec or not be abused. That's the point I'm making wrt to the client needs to be hardened anyway.” ✅ + If you’re sending a note hash of a missing note to an unknown relay and the relay replies with anything but the note corresponding to the hash, then discard the data and disconnect. What do you think about implementing the outbox model as a backup mechanism to the normal way of doing things? This way it isn’t one or the other, it’s more like a fallback mechanism for if your set of relays are missing the note/if you can’t sync it to your Damus client-relay. Layers of redundancy… nostr:note1djlkfuam8k03r6rryv5mma9jwzzs998juadayl0facg3wejcfh8s6hwc0f

Gossip does it like that actually. If a followed person doesn't have a relay list, and we have no data about what relays would be appropriate, then it reads from a user-configured set of READ relays. These may or may not be exactly equal to the user-configured set of INBOX relays published in kind-10002 NIP-65 event. It has to do this because so many clients use centralized relays. So if I want to follow those people I have to add things like relay.damus.io as a personal READ relay or else I'll miss out on those people's events.