It would also simplify my relay-specific note spec by specifying the relay pubkey that it's destined for instead of a DNS name: https://github.com/nostr-protocol/nips/pull/1146 We could also then ditch certs and use the pubkey for a Noise-protocol connection like we do on Lightning.
I guess the main downside of the cert thing is that browsers do not allow ws:// connections in an https context :/ Did I mention I hate the web?
I highly recommend the use of WireGuard, reverse proxies and Let's Encrypt (I have a nice one: https://mleku.dev/git/lerproxy ; the R is in the name as I intend to eventually add URL rewriting to it, but haven't wrapped my head around it yet). If you have never used WireGuard yet, today's a good day to play with it. I used to wish for years that it was easier to do SSH tunnels, and then somehow I finally was persuaded to look at WireGuard and I've never looked back. They use better encryption than SSL/TLS too: ChaCha20, Curve25519 ECDH, BLAKE2s hash/MAC, SipHash24 for hash tables and HKDF. https://www.wireguard.com/protocol/
https://en.wikipedia.org/wiki/WebSocket Yes... you always have to expose http/s and then "upgrade" to TCP-based WebSockets. This is only a limitation to bend everyone into the cage that web devs are stuck inside. I pray to God one day there will be no more web browsers, only native apps.
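The "expose HTTP, then upgrade" step the thread is talking about is a concrete, checkable exchange (RFC 6455): the client sends a GET with Upgrade/Connection headers and a random 16-byte Sec-WebSocket-Key, and the server answers 101 Switching Protocols with Sec-WebSocket-Accept = base64(SHA-1(key + fixed GUID)), after which the same TCP socket carries WebSocket frames instead of HTTP. The Go below is an added example written for this page; it is not code from any of the posters, from lerproxy, or from any relay. The request text, the host relay.example and the /relay path are constructed for the example; the key is the sample key from RFC 6455 §1.3.

```go
package main

import (
	"bufio"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// wsGUID is the fixed GUID from RFC 6455 §1.3 that every server mixes into
// the client's key; echoing the derived value proves the server understood
// the request as a WebSocket upgrade rather than as ordinary HTTP.
const wsGUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

// AcceptKey computes Sec-WebSocket-Accept = base64(SHA-1(key || GUID)).
func AcceptKey(clientKey string) string {
	sum := sha1.Sum([]byte(clientKey + wsGUID))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// headerHasToken reports whether a comma-separated header (e.g. Connection)
// carries the given token, case-insensitively.
func headerHasToken(h http.Header, name, token string) bool {
	for _, v := range h.Values(name) {
		for _, t := range strings.Split(v, ",") {
			if strings.EqualFold(strings.TrimSpace(t), token) {
				return true
			}
		}
	}
	return false
}

// ValidateUpgrade applies the RFC 6455 §4.2.1 checks a server must make
// before switching protocols and returns the Accept value to send back.
func ValidateUpgrade(r *http.Request) (string, error) {
	if r.Method != http.MethodGet {
		return "", errors.New("upgrade must be a GET")
	}
	if !strings.EqualFold(r.Header.Get("Upgrade"), "websocket") {
		return "", errors.New("missing Upgrade: websocket")
	}
	if !headerHasToken(r.Header, "Connection", "Upgrade") {
		return "", errors.New("missing Connection: Upgrade")
	}
	if r.Header.Get("Sec-WebSocket-Version") != "13" {
		return "", errors.New("unsupported Sec-WebSocket-Version")
	}
	key := r.Header.Get("Sec-WebSocket-Key")
	raw, err := base64.StdEncoding.DecodeString(key)
	if err != nil || len(raw) != 16 {
		return "", errors.New("Sec-WebSocket-Key must be 16 bytes, base64-encoded")
	}
	return AcceptKey(key), nil
}

// HandshakeFromRaw parses a raw HTTP/1.1 request and returns the exact 101
// response the server writes before the socket stops being HTTP.
func HandshakeFromRaw(raw string) (string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return "", err
	}
	accept, err := ValidateUpgrade(req)
	if err != nil {
		return "", err
	}
	return "HTTP/1.1 101 Switching Protocols\r\n" +
		"Upgrade: websocket\r\n" +
		"Connection: Upgrade\r\n" +
		"Sec-WebSocket-Accept: " + accept + "\r\n\r\n", nil
}

// sampleRequest is a constructed client request (host and path are made up)
// using the sample key from RFC 6455 §1.3, the base64 of "the sample nonce".
const sampleRequest = "GET /relay HTTP/1.1\r\n" +
	"Host: relay.example\r\n" +
	"Upgrade: websocket\r\n" +
	"Connection: Upgrade\r\n" +
	"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n" +
	"Sec-WebSocket-Version: 13\r\n\r\n"

func main() {
	resp, err := HandshakeFromRaw(sampleRequest)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Print(resp)
}
```

This is also why a reverse proxy in front of a relay has to pass the Upgrade and Connection headers through unchanged: if it treats the request as plain HTTP the 101 never happens and the client sees a failed connection, not a WebSocket.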