authmageddon comes, my relay dev/operator frens.
I think they're going for the opposite. They are building it so that all events are wide open access. The relays will not be able to ask for AUTH, nor do any kind of rate limits to protect from DoS (other than IP limits, which are flawed and hurt the ToR).
AUTH could be added in to the client, but it likely won't. BUT if it did, then you could have say, per-device auth keys, or keys not tied to any nostr id, just that registration will be harder that way and the relay still cannot protect because it does not know which groups are what. The addition of this complication makes it sound nearly impossible to add later.
So yeah, using auth with it. Seems like a non-starter to me.. Designed like this on purpose. A huge message broker free-for-all to read and write all groups.
AUTH could be added in to the client, but it likely won't. BUT if it did, then you could have say, per-device auth keys, or keys not tied to any nostr id, just that registration will be harder that way and the relay still cannot protect because it does not know which groups are what. The addition of this complication makes it sound nearly impossible to add later.
So yeah, using auth with it. Seems like a non-starter to me.. Designed like this on purpose. A huge message broker free-for-all to read and write all groups.
1🤙1