This is absolutely awesome, great work. The automatic installation of certificates in the system's trust store is nice. So if you disable the automatic cert install (auto_install: false), nodns-server will be able to resolve the record (using the 111111 events) but the cert won't be trusted, so the browser will complain and you'd have to manually trust it?

Replies (1)

Arjen 4 months ago
Correct. In the current state of the code, automatically inserting the certificate is still VERY risky because I haven't implemented certificate security checks yet. If the checks are not in place, any [npub].nostr could publish a self-signed certificate with *.google.com and your system would trust it, allowing a MITM attack. Just be aware of this when testing. It's very experimental.
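
Added example, not part of the thread and not nodns code: one form the missing check could take before a published certificate is installed in the trust store, rejecting any certificate whose names reach outside the publisher's own `[npub].nostr` name. It assumes a certificate should only ever cover that name and its subdomains; `checkCertScope`, `sampleCert` and `npub1example.nostr` are hypothetical names, and the sample certificates are constructed.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"strings"
)

// checkCertScope returns an error when cert must not be auto-trusted for
// owner (assumed form "<npub>.nostr"); nil means every name stays inside it.
func checkCertScope(cert *x509.Certificate, owner string) error {
	owner = strings.ToLower(strings.TrimSuffix(owner, "."))
	if cert.IsCA {
		return fmt.Errorf("CA certificate could sign for any name")
	}
	if len(cert.IPAddresses)+len(cert.URIs)+len(cert.EmailAddresses) > 0 {
		return fmt.Errorf("non-DNS subject alternative names present")
	}
	// Check the legacy CommonName together with the DNS SANs.
	names := append([]string{}, cert.DNSNames...)
	if cert.Subject.CommonName != "" {
		names = append(names, cert.Subject.CommonName)
	}
	if len(names) == 0 {
		return fmt.Errorf("certificate carries no DNS name")
	}
	for _, n := range names {
		n = strings.ToLower(strings.TrimSuffix(n, "."))
		// Allowed: the owner name itself or anything below it, wildcards included.
		if n != owner && !strings.HasSuffix(n, "."+owner) {
			return fmt.Errorf("name %q is outside %q", n, owner)
		}
	}
	return nil
}

// sampleCert builds a constructed certificate carrying only the given DNS SANs.
func sampleCert(names ...string) *x509.Certificate {
	return &x509.Certificate{DNSNames: names}
}

func main() {
	owner := "npub1example.nostr" // constructed placeholder name
	for _, c := range [][]string{{owner, "*." + owner}, {owner, "*.google.com"}} {
		fmt.Println(c, "->", checkCertScope(sampleCert(c...), owner))
	}
}
```

A name check like this only narrows what a trusted certificate can claim; it does not by itself prove that the certificate was published by the key that owns the name.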