clients must sign the events or the relay will not accept them, unlike clients, relays don't have the ability to skip that step
the signer is the issue then, but i personally dispute the theory that a web app can't be trusted to keep keys
most shitcoin web apps keep keys in the browser, there is strong isolation in web browsers now in part because of the amount of apps now existing that need to make and check signatures, i mean, the app i'm building part of the back end infrastructure for right now even uses a third party web service called web3auth that secures the key for users, i mean, lol, nostr devs worrying about their singular client app leaking secrets is quite laughable, and then on top to be complaining about then how signers, which are supposed to implement policies for signing, both bunkers and extension signers, i fail to see what the basis is for the complaint
i'm inclined to even say that if i was to build a web based client (and i'm part way through building a bunker) that i'd probably retain the option of the user being able to sign in with an nsec
the danger of breach is way overblown, browsers are not as insecure as they were even just 5 years ago, and back in 2016 i was using a web app that signed events to publish to a blockchain forum system was all there and literally zero incidents of people losing control of keys. 9 years ago.
no, because it's very unclear and to me it just sounds like you are complaining about signers being burdensome on users, and outside of your control as client dev
i think i made the point pretty clearly that you DON'T have to kow-tow to the idiotic consensus that you "must use detached signers" for it to be a secure app, the only real concern is that users may become complacent about rogue apps, but equally they could become complacent about signers if more of them existed, so really the problem is moot, eggs, basket, same same
imagine how it is as a relay dev when for 6 months of the time i was in development with #realy, i couldn't find a client that actually let me point at my relay and ensure it was even working??? it just seems like a petty complaint to talk about UX of detached signers when you do have the option of controlling that yourself as client dev, not only that, you could bundle your own signer, there are already several forks of nos2x and you could just make your own that has sane policies built into it that fit your needs
what is it that i'm missing here?
not only that, because i'm a relay dev, and constantly watching logs of what the client is doing, the number of times i see jumble pushing encrypted events of configuration events and mute lists also makes me really wonder what you are talking about, and maybe you have somehow forgotten about my issue, ongoing, with the lack of ability to disable private mutes in jumble?
this is a feature that kills all of the benefits of jumble for me as a relay dev because i depend on public mute lists to implement a blacklist for pubkeys on my relay, as soon as alexandria is into release i'm not going to be using any clients funded by opensats, for reasons of the endless instability and lack of minimal features required for my work, i know that stella cares about what us relay devs think because she knows that we are building the foundations of this protocol, and ignoring it is like expecting a building to stay up without laying foundations to stop the ground shifting and collapsing the walls