Oddbean new post about | logout
 I'm not sure, I've got an idea of how I'm going to do it but I need to find a good UI for prompting the user to sign the auth requests.
I want it to prompt the user to "Auth once", "Always", "Not this time", "Never" and maybe for a specific number of days. I don't like the trend of nostr clients signing auth events without asking the user 
 Nsec.app will be asking this for nip42 events so just encourage people to use remote signing and problem solved  
 remote signing is a bad idea, but it can be made local, with a reverse proxy and wireguard VPN and running a local NIP-46 bunker

but that's a pretty big obstacle for noobs to jump over, the flow needs to account for this, this is partly why alby is becoming de facto signing device for nostr web apps, and they locked that down to invite only, so this is a big onboarding problem

how do you encourage new users to use paid relays if none of the clients actually support the proper auth flow???? relay devs and relay providers are stuck behind the fence that nobody is building a gate in, still, 1 year later since the spec was made 
 Why is remote signing a bad idea? 
 because your nsec is far away from you 
 the only way i can see it working is if the remote service you connect to via wireguard and your bunker is running on your machine listening on your wireguard address... then the key is in your possession on your computer and not copied to another machine

there might be other ways to make a tunnel, but i know i can do it this way with wireguard already, it is very easy, i run my relay this way and it makes it internet accessible, i can even put all kinds of subdomains to point at any number of web servers i want to run 
 i could probably even set up a service that deploys all this automatically and all you have to do is install one program which opens the wireguard tunnel and signs for you, on your own device... could easily be made for all platforms too, it's a very small thing

would be a combination VPN/bunker service, so you get VPN protection in the deal 
 Nsec.app stores keys in your device, it's running inside browser service worker which is weken up by a push message if server detects that sw is sleeping and not replying  
 alby already handles this and it works, sorta, on coracle

authing is one thing that shouldn't force you to interact every time, you are in, until you are out, almost everything else can be though... alby does distinguish many things, and it definitely separates signing auth challenge events from any other type of event 
 also, yeah, this is part of the problem with the whole client ecosystem altogether... 

nobody seems to know what to do and they do nothing at all, not pointing fingers specifically but the lack of implementation of NIP-42 means the gate to paid relays and chatbots are both quite closed

and most of the relays don't process it properly either! pretty sure you have to write a custom plugin for strfry and the rust relay not heard anything about it supporting this feature, even though it seems to be the most popular