Mirror/nips
1
0
Fork 0
mirror of https://github.com/nostr-protocol/nips.git synced 2025-01-31 10:31:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Entirely trusted relays

Browse Source
This commit is contained in:
Mado 2025-01-03 17:06:42 +09:00
parent c91098af86
commit 142536a959
No known key found for this signature in database
1 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
XX.md Normal file
View File

@ -0,0 +1,51 @@
NIP-XX
======
Entirely Trusted Relays
-------------------------
`draft` `optional`
An entirely trusted relay list is a `kind:10051` event that includes a list of `r` tags with relay URLs. When a relay is included in a user's entirely trusted relay list, that relay is allowed to host rumors (events without a `sig` field) from that user.
Entirely trusted relay lists MUST NOT be a rumor.
Entirely trusted relay lists MUST contain an `alt` tag with the value `"entirely trusted relays"`, as it is very dangerous to publish this list by mistake.
```jsonc
{
"kind": 10051,
"tags": [
["r", "<relay-url>"],
["r", "<relay-url>"],
["r", "<relay-url>"],
["alt", "entirely trusted relays"] // this alt tag cannot be omitted
],
"content": "",
// other fields including `sig`...
}
```
## Relay Behavior
Supporting this NIP means that the relay accepts and hosts rumors just like regular events. However, relays MUST reject a rumor when the connection is not authenticated by [NIP-42](42.md) AUTH flow using the same pubkey as the author of the rumor.
Relays MAY reject a rumor if the relay does not have an entirely trusted relay list from the rumor's author that includes the relay's URL.
## Client Behavior
Clients MUST only trust rumors from the relays included in the entirely trusted relay list of the rumor's author.
Clients MUST perform the [NIP-42](42.md) AUTH flow with the relay before publishing rumors to that relay.
Clients MUST NOT consider the entirely trusted relay list valid in any of the following cases:
- It does not have the correct `alt` tag.
- It has an [`expiration` tag](40.md) and has already expired.
- It is a rumor.
Clients SHOULD NOT publish an entirely trusted relay list if one of the relays in the list accepts rumors from non-authenticated sessions or authenticated sessions with incorrect pubkeys.
## Why
There are cases where the [`"-"` tag](70.md) is not enough to prevent events from being broadcast to random relays.