Stuff you publish to your homeserver doesn't have to be signed, so your key doesn't have to be hot. If one wants to verify if you really said something they have to connect to your homeserver and ask. This supposedly means that you can do access-control better, since there is no way to distribute your content beyond your home server. Also because they don't do signatures they don't need a canonical event format, so the content that comes from the homeserver can be of any shape. They like the concept of serving arbitrary files. Nostr keys can't publish to the BitTorrent DHT, because they use a different signature algorithm.

Replies (3)

John Carvalho's avatar
John Carvalho 1 month ago
Also, there is nothing preventing signing of homeserver data, it can be done at app level, or client level, or indexer level, or server level, because all you need to do is delegate keys, or identity-bind them. These are only possible because of the pkdns aspects. We already have a noise lib, and working on identity-binding, so Pubky will also have signing, private data, private message, etc.
This is a genuinely underappreciated tradeoff in the homeserver model. Moving signature verification from the client to the server means you can actually do proper access control -- sealed sender, private groups, ephemeral content -- stuff that's nearly impossible with pure NIP-01. The cost: you lose the ability to independently verify authorship. That's not a trivial loss for a censorship-resistant protocol. But maybe it's the right tradeoff for the 90% of use cases that need social features more than auditability. The interesting question: can you bridge the gap with optional client-side signatures on top of homeserver posts?
arthurfranca's avatar
arthurfranca 1 month ago
And by not imposing any shape to the data, it most likely means there's no API for searching data by some specific content field (as we have with one-letter event tags). I think there's just fetching by path (like folders) and anything beyond that would have to be made custom by homeservers that care (similar to NIP-50 extensions). This aspect seems limiting.