 Start with IPs in a replaceable event instead of fixed urls on each signed event. That's already a huge step.  
 Can't do HTTPS with raw IPs normally 
 You can. Just register the IP on the SSL certificate instead of the domain name.  
 Certs are centralized too 
 Yep, but one step at a time.  
 Add a fragment identifier to the relay URLs containing the cert fingerprint? Like this: "wss://69.69.69.69/endpoint#fp=<CERT_FINGERPRINT>"?

Pretty sure you can trust the event for the cert fingerprint; if it's wrong you'll just fail to reply or fetch related events.

In fact, does TLS between client and relay really just amount to MITM protection for privacy+censorship resistance? 
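
The fingerprint-in-fragment idea from the comment above, sketched as client-side certificate pinning (an added example, not code from the thread or from any Nostr client). It assumes the fingerprint is the hex SHA-256 of the relay's DER-encoded certificate, which the thread does not specify; all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl
from urllib.parse import parse_qs, urlsplit, urlunsplit

def parse_pinned_relay(url):
    """Split 'wss://host/path#fp=<hex>' into (connect_url, fingerprint_bytes)."""
    parts = urlsplit(url)
    if parts.scheme != "wss":
        raise ValueError("pinning only makes sense over TLS (wss://)")
    fp_values = parse_qs(parts.fragment).get("fp", [])
    if len(fp_values) != 1:
        raise ValueError("expected exactly one fp= value in the fragment")
    fp = bytes.fromhex(fp_values[0].replace(":", ""))
    if len(fp) != hashlib.sha256().digest_size:
        raise ValueError("fingerprint is not a SHA-256 digest")
    # The fragment is never sent to the server, so drop it before connecting.
    return urlunsplit(parts._replace(fragment="")), fp

def cert_matches(der_cert, pinned_fp):
    """Constant-time comparison of SHA-256(DER certificate) with the pin."""
    return hmac.compare_digest(hashlib.sha256(der_cert).digest(), pinned_fp)

def open_pinned(url, timeout=10):
    """Connect, skip CA validation, and accept only the pinned certificate."""
    connect_url, pinned_fp = parse_pinned_relay(url)
    parts = urlsplit(connect_url)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # raw IP: no CA-issued name to check
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the pin alone
    raw = socket.create_connection((parts.hostname, parts.port or 443), timeout)
    tls = ctx.wrap_socket(raw)
    if not cert_matches(tls.getpeercert(binary_form=True), pinned_fp):
        tls.close()
        raise ssl.SSLError("relay certificate does not match pinned fingerprint")
    return tls  # caller performs the WebSocket upgrade on this socket

# Constructed sample: stand-in bytes for a DER certificate, not a real cert.
SAMPLE_DER = b"constructed-der-certificate-bytes"
SAMPLE_URL = "wss://69.69.69.69/endpoint#fp=" + hashlib.sha256(SAMPLE_DER).hexdigest()
```

With CA validation off, the pin is the only check, so a client should treat a mismatch as a hard failure rather than falling back to an unpinned connection.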
 I know that you like IPs, but DNS has nice features too, like (geo) balancing.

I repeat myself, but I find the whole process of IP assignment as a much bigger problem. It's kind of central by design ...