I agree that you can have your IP addresses rug-pulled just like you can have your DNS rug-pulled. But using a keypair for a relay solves some other things. It allows a single relay to serve multiple endpoints (e.g IPv4, IPv6, Tor). It avoids the confusion of clients not knowing if a URL path is a new relay or the same relay. And it allows relays to switch endpoints in the event that DNS and IP addresses are both pulled, without all the clients not being able to know that it is the same relay. Also CAs won't need to be trusted anymore if we use that keypair for TLS. CAs are such a scam. I've done some development at

GitHub

GitHub - mikedilger/alt-tls: TLS provider for rustls supporting ed25519, plus tools

TLS provider for rustls supporting ed25519, plus tools - mikedilger/alt-tls

on this, but haven't gotten it working with secp256k1 keypairs yet (I think I can, but it would not be standards compliant and wouldn't interoperate with other SSL software) But this change is massively disruptive to how nostr currently works. Relay URLs are all over the place currently. Maybe there is a migration path, but it seems rugged with a lot of switchbacks, and you'll have to carry a water bottle to make it to the end.

"""If we are to spend efforts on this layer then I'd rather go for the entire IP thing and make it possible for networks to be assembled in decentralized and permissionless ways using local cables and wireless infrastructure, then merge together forming an ever-growing parallel internet, with decentralized routing that scales globally.""" YES YES YES YES YES

I'm down.