If I understood what I read.
This is an authentication layer for the websocket subscription filter?
So for example, instead of giving everyone access to pull DMs, you only serve the DMs to their owners after they prove they are the owners.
That’s nice. Any downsides to this?
That’s exactly it! We already use this on nostr.wine to protect your DM metadata.
When you try to request a DM from nostr.wine, we send an AUTH challenge through the socket. Your client signs and returns the challenge so that we know who is making the request. We use this information to only allow the sender or receiver to request DMs.
The main downside is decreased privacy from the relay operator as it becomes easier to associate REQs with a pubkey (though it can be done without AUTH anyway).
Thanks for the transparent response.
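The relay-side check described in the thread above, as an added example that is not part of the original posts and is not nostr.wine's code. It assumes the NIP-42 AUTH event kind (22242) and the NIP-04 DM kind (4); `verifySig`, the relay URL, the challenge string and the keys are hypothetical placeholders, and Schnorr signature verification is left to the injected callback.

```javascript
// Added example: relay-side NIP-42 gate for kind-4 DMs. Sample data is constructed.
const AUTH_KIND = 22242; // NIP-42 client authentication event
const DM_KIND = 4;       // NIP-04 encrypted direct message
const MAX_SKEW = 600;    // seconds; NIP-42 suggests roughly 10 minutes

const tagValue = (ev, name) => (ev.tags.find((t) => t[0] === name) || [])[1];

// Returns the authenticated pubkey, or null if the AUTH event is unacceptable.
// verifySig is a hypothetical callback standing in for real Schnorr verification.
function authenticate(ev, challenge, relayUrl, now, verifySig) {
  if (ev.kind !== AUTH_KIND) return null;
  if (tagValue(ev, "challenge") !== challenge) return null;  // replayed from another session
  if (tagValue(ev, "relay") !== relayUrl) return null;       // signed for a different relay
  if (Math.abs(now - ev.created_at) > MAX_SKEW) return null; // stale or far-future event
  return verifySig(ev) ? ev.pubkey : null;
}

// A DM is visible only to its sender (pubkey) or its recipient ("p" tag).
function canServe(ev, authedPubkey) {
  if (ev.kind !== DM_KIND) return true;
  if (!authedPubkey) return false; // unauthenticated sockets never receive DMs
  return ev.pubkey === authedPubkey ||
    ev.tags.some((t) => t[0] === "p" && t[1] === authedPubkey);
}

const visibleTo = (events, authedPubkey) => events.filter((e) => canServe(e, authedPubkey));

// Constructed sample data (placeholder keys, not real pubkeys).
const ALICE = "a".repeat(64), BOB = "b".repeat(64), EVE = "e".repeat(64);
const stored = [
  { id: "1", kind: 4, pubkey: ALICE, tags: [["p", BOB]], content: "<ciphertext>" },
  { id: "2", kind: 1, pubkey: ALICE, tags: [], content: "public note" },
];
const authEvent = {
  kind: 22242, pubkey: BOB, created_at: 1700000000,
  tags: [["relay", "wss://relay.example"], ["challenge", "c-123"]],
};
const acceptAll = () => true; // stand-in: assumes the signature was already verified

const bob = authenticate(authEvent, "c-123", "wss://relay.example", 1700000030, acceptAll);
console.log(visibleTo(stored, bob).map((e) => e.id));  // recipient
console.log(visibleTo(stored, EVE).map((e) => e.id));  // authenticated third party
console.log(visibleTo(stored, null).map((e) => e.id)); // unauthenticated socket
```

The challenge and relay tags are what bind a signed AUTH event to one connection on one relay; the exact string comparison on the relay URL is a simplification here.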