Oddbean new post about | logout
benthecarman | 8 months ago (raw) | root | parent | reply | flag +1 
 Can't do https with raw ips normally
Vitor Pamplona | 8 months ago (raw) | root | parent | reply | flag 
 You can. Just register the IP on the SSL certificate instead of the domain name.
hodlbod | 8 months ago (raw) | root | parent | reply | flag +1 
 Certs are centralized too
Vitor Pamplona | 8 months ago (raw) | root | parent | reply | flag +1 
 Yep, but one step at the time.
Ademan | 8 months ago (raw) | root | parent | reply | flag 
 Add a fragment identifier to the relay urls containing the cert fingerprint? Like this: "wss://69.69.69.69/endpoint #fp =<CERT_FINGERPRINT>" ?

Pretty sure you can trust the event for the cert fingerprint, if it's wrong you'll just fail to reply or fetch related events.

In fact, does TLS between client and relay really just amount to MITM protection for privacy+censorship resistance?