I still doubt you fully got the point, but OK. Let's consider HTTP as a baseline, I have three questions then:
1) Why JSON? HTTP itself offers a wonderful way to transfer metadata, it's called headers. They require much less CPU cycles to parse and shape. They are naturally separated from the request/response body. All specific headers can start with X-Nostr- to not interfere with anything current. Even the digital signature can be put there if it's short enough.
2) Why TLS? Aren't signatures themselves enough to prevent tampering with? Isn't current centralized PKI prone to censorship as well? On top of that, TLS over e.g. Tor isn't necessary at all.
3) Why a single (and not very popular) signature algorithm instead of the wide choice offered by OpenPGP, where we can reuse existing libraries/tools (that have been working all this time even on DOS) for both signing and, if necessary, asymmetrical note encryption (to mitigate number 2 completely)?
P.S. "Just because you're unique, doesn't mean you're useful" Being different from mainstream is not enough to automagically guarantee yo're doing things right.
Luxferre
npub163…g40f6
2024-04-18 07:30:43
in reply to nevent1q…lqxk
Author Public Key
npub163gcvh4dwwqm4yp2y7355tu9s7e6pzmqlcl3p78m7vm52fq7ej9s0g40f6Published at
2024-04-18 07:30:43Event JSON
{
"id": "b6b3a8ee402cada3ec250310676a718537bc81fedfc32e54413a05c73ed2ff82",
"pubkey": "d451865ead7381ba902a27a34a2f8587b3a08b60fe3f10f8fbf33745241ecc8b",
"created_at": 1713418243,
"kind": 1,
"tags": [
[
"e",
"6f896d1b8493d7dd3143948d6cb24367c604656f7db8692f811845bad895b462",
"wss://relay.nostr.band/",
"root"
],
[
"e",
"e42a6026f93eaf6f9566f66b33847f08e13c4bf29c22b4cd372be31eccb08901",
"wss://relay.nostr.band/",
"reply"
],
[
"p",
"036533caa872376946d4e4fdea4c1a0441eda38ca2d9d9417bb36006cbaabf58",
"",
"mention"
],
[
"p",
"dd664d5e4016433a8cd69f005ae1480804351789b59de5af06276de65633d319",
"",
"mention"
]
],
"content": "I still doubt you fully got the point, but OK. Let's consider HTTP as a baseline, I have three questions then:\n\n1) Why JSON? HTTP itself offers a wonderful way to transfer metadata, it's called headers. They require much less CPU cycles to parse and shape. They are naturally separated from the request/response body. All specific headers can start with X-Nostr- to not interfere with anything current. Even the digital signature can be put there if it's short enough.\n\n2) Why TLS? Aren't signatures themselves enough to prevent tampering with? Isn't current centralized PKI prone to censorship as well? On top of that, TLS over e.g. Tor isn't necessary at all.\n\n3) Why a single (and not very popular) signature algorithm instead of the wide choice offered by OpenPGP, where we can reuse existing libraries/tools (that have been working all this time even on DOS) for both signing and, if necessary, asymmetrical note encryption (to mitigate number 2 completely)?\n\nP.S. \"Just because you're unique, doesn't mean you're useful\" Being different from mainstream is not enough to automagically guarantee yo're doing things right.",
"sig": "e62f8ad99efc58013447e286620f61b17988269231326eee54196af84d40bb4f51fdf6d8eb4de6c7f34acd7377fb77b30721cd40e5e89e520017349eb8f82be1"
}