Oddbean new post about | logout
brugeman | 4 months ago (raw) | root | parent | reply | flag +2 
 I agree with you on auth part, especially given that signer apps can have special cases for file uploads like "sign uploads auths for this hash for any server for 5 minutes"

And I am in Spain too, beers sound nice
hzrd149 | 4 months ago (raw) | root | parent | reply | flag 
 I would love to meet up. Although I'm cycling the Camino de Santiago right now so I'm not really in one spot for more than a day.
I just left Burgos this morning and I'll probably stop somewhere around Hornillos del Camino at noon

As for the auth event I agree it could work with NIP-98 and the signed could handle multiple events. However I dislike nostr apps asking for more than one signature for a single action.
The way I think about it, it is a single action. Your not signing to upload to a server. Your signing the hash + expiration so it can be uploaded to any server.
Again I'm thinking of it like nostr events. You sign once and publish to multiple relays
Water Blower | 4 months ago (raw) | root | parent | reply | flag +1 
 You are cycling and doing Nostr dev at the same time?
hzrd149 | 4 months ago (raw) | root | parent | reply | flag 
 No development, I left my laptop at home. but I've been doing a lot of thinking 😀
Water Blower | 4 months ago (raw) | root | parent | reply | flag 
 And you are unicycling? Legendary 

I wanted to learn it when I saw the British YouTuber unicycling around the world years back.
brugeman | 4 months ago (raw) | root | parent | reply | flag 
 Ohh that's way too far up to the North :(

Blossom servers should probably support both ways - "upload anywhere" and "upload only here", otherwise I'm forced to assume the server and app might reupload my file anywhere. Maybe nip98 needs a list of servers instead of just one. 

People had to invent "-" tag for events to prevent this permissionless rebroadcasting with relays, I'm sure the same question will rise with files.
hzrd149 | 4 months ago (raw) | root | parent | reply | flag +1 
 Sorry to hear that, although maybe we will meet at nostriga?

The permissionless rebroadcasting is the point, that's how we get censorship resistance.
Blossom and NIP-96 are designed for public media, neither have the expectation that the media will be kept private.

I wouldn't be opposed to making my blossom-server implementation support NIP-96, however I don't think it would make sense to add it as a requirement to the protocol since supporting two event kinds would double the complexity
mleku | 4 months ago (raw) | root | parent | reply | flag 
 http authed webdav already does that use case anyway
brugeman | 4 months ago (raw) | root | parent | reply | flag +1 
 Anyone can rebroadcast file permissionlessly by authing with their own keys. But ok, maybe delegating this to a server to save bandwidth is an added benefit. Will see how it develops
brugeman | 4 months ago (raw) | root | parent | reply | flag 
 Haven't decided about nostriga yet
quentin | 4 months ago (raw) | root | parent | reply | flag +1 
 @hzrd149 I will get back to you shortly, sorry for the delay. I began to understand your approach with blossom. And how the files move through servers