Comments (3)
Also, are relays supposed to verify the signature? Or only the end clients?
Everybody is supposed to verify, but it's your choice. If you don't verify you risk becoming a bad actor that spreads fake data and not being used by anyone eventually.
from nostr.
To my first question, I think I found the answer here:
https://crypto.stackexchange.com/questions/15295/why-the-need-to-hash-before-signing-small-data
If you do not hash the data before signing you cannot have one consistent signature algorithm, because you could only sign messages up to a certain size and if the size of the message gets too large you would need to hash. But that is not a good practice for signature schemes. More importantly, there are signature schemes which can easily be forged when the data is not hashed, such as RSA, see my answer here. In order to have security independent of the size of the signed message, we typically use this hash-then-sign paradigm, i.e., hash the plain message before performing signing operations on it, and thus the signature algorithm works for any size of the message and we do not really have to care about the message size.
Can you answer the second question?
from nostr.
are relays supposed to verify the signature?
i guess no, this would be a waste of cpu time
i guess yes, this makes everything simpler.
broken data is detected early, and is not stored/forwarded
from nostr.
Related Issues (20)
- faq: Is there any proposal in nostr to schedule notes or events? HOT 4
- faq: Is there any proposal to use tor routes to anonymize who sends and writes things in nostr? HOT 1
- news: nostr+peertube
- What about the duplicate content problem? HOT 2
- Noster
- Suggestion for docs code formatting
- Suggestion: the ability to delegate to other keys
- Why are relays needed and how does the key-based routing work? HOT 3
- Can't open burger menu on mobile HOT 1
- Typos in URLs on nostr.com/contribute HOT 1
- Any IRC channels? HOT 1
- "Get started" guide is broken in many places HOT 2
- Missing License Information HOT 1
- Nostr Improvement Proposal: Relay-Hosted Personalized Dictionaries HOT 1
- Given the protection from bans this protocol enforces, can you reassure me that this is a suitable place for my hate speech HOT 4
- nostr is more than a twitter replacement?
- An idea to use nostr to publish torrents and encourage seeding
- Using the new passkey FIDO standard with nostr
- Associating images and notes in a relay to use nostr as diary HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nostr.