 Is there or will there be a way for nostr relays to whitelist/blacklist read access? Relays can restrict write access but what about read access? Thinking about making subscription ids signed by a private key and then the nostr relay checks against whitelisted public keys and rejects unverified subscriptions. Could also use auth server.  #AskNostr 
 @Raymon @ManiMe @Sebastix @rabble @ryan 
 Hm, there are already some client auth techs on the session level, like TLS for example, or http-auth. But yes, private relays totally make sense. 
 mTLS, sorry 
 What is the most efficient way to manage read access permissions on a relay?   @fiatjaf 
 AFAIK, this is done by sending a NIP-42 ephemeral event. Regular HTTP auth DOES NOT WORK over nostr, because there is no server side to verify credentials. NIP-42 is how relays can dynamically authenticate client access.
https://github.com/nostr-protocol/nips/blob/master/42.md 
 Can use mTLS and make the cert offloading in an Apache reverse proxy? 
 Thanks! I took a look at it and it’s definitely in line with what I’m looking to do. Probably have to make a relay specific implementation to distinguish permissions amongst pubkeys. 
 https://khatru.nostr.technology/ 
 Hey fiatjaf, I’m digging through khatru, cool stuff. I’m confused how both read only and read/write permissions can be set with NIP-86 Authed pubkeys for a relay if the API only has one Allowed Pubkeys list? Any help would be appreciated, thanks. 
 You have to interpret the instructions depending on your context. Khatru doesn't have an "allowed pubkeys list", that must be defined specifically by your relay implementation.
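
Added example, not part of the thread and not khatru's code: a relay-side sketch of the approach discussed above, where the NIP-42 auth event is checked (kind 22242, fresh `created_at`, matching `challenge` and `relay` tags) and the authenticated pubkey is then looked up in a relay-defined permission table that separates read from write. The names `Perm`, `AuthEvent`, `ValidAuth` and `Decide` are hypothetical, the pubkeys and relay URL are constructed, the exact-match relay URL comparison is a simplification, and signature verification is assumed to be done by a nostr library before these checks.

```go
package main

import (
	"fmt"
	"time"
)

type Perm uint8 // permission bitmask; the read/write split is this example's own model
const Read, Write Perm = 1, 2 // Read gates REQ, Write gates EVENT

// AuthEvent holds the NIP-42 fields checked here; signature and id are assumed verified.
type AuthEvent struct {
	PubKey    string
	Kind      int
	CreatedAt int64
	Tags      [][]string
}

// ValidAuth checks kind, a 10-minute freshness window, and the challenge and relay tags.
func ValidAuth(ev AuthEvent, challenge, relayURL string, now time.Time) bool {
	got := map[string]string{}
	for _, t := range ev.Tags {
		if len(t) >= 2 {
			got[t[0]] = t[1]
		}
	}
	age := now.Unix() - ev.CreatedAt
	return ev.Kind == 22242 && age <= 600 && age >= -600 && challenge != "" &&
		got["challenge"] == challenge && got["relay"] == relayURL
}

// Decide returns "" to allow, else the NIP-42 prefix for the CLOSED or OK reply.
func Decide(acl map[string]Perm, authed string, need Perm) string {
	if authed == "" {
		return "auth-required" // connection has not completed AUTH
	}
	if acl[authed]&need == 0 {
		return "restricted" // authenticated, but this key lacks the permission
	}
	return ""
}

func main() {
	acl := map[string]Perm{"pk-reader": Read, "pk-member": Read | Write} // constructed keys
	now := time.Unix(1700000000, 0)
	ev := AuthEvent{PubKey: "pk-reader", Kind: 22242, CreatedAt: now.Unix() - 30,
		Tags: [][]string{{"relay", "wss://relay.example"}, {"challenge", "c1"}}}
	fmt.Println(ValidAuth(ev, "c1", "wss://relay.example", now), Decide(acl, ev.PubKey, Write))
}
```

A relay would call `Decide` with `Read` on every REQ and with `Write` on every EVENT, passing the pubkey stored on the connection after `ValidAuth` succeeded.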