nostr-protocol / nips

Nostr Implementation Possibilities

Are the "simple and dumb" supposed to verify the signatures? If not, couldn't they be storing and then sending impersonated events? #554

Open Pranoy1c opened 1 year ago

Pranoy1c commented 1 year ago

I am reading the readme:

https://github.com/nostr-protocol/nostr/blob/master/README.md

> A relay is very simple and dumb. It does nothing besides accepting posts from some people and forwarding to others. Relays don't have to be trusted. Signatures are verified on the client side.

So, from what I gather (correct me if I am wrong), relays don't do any verification of the events they are sent. They store whatever is given to them and then they send it to requesting clients who are supposed to verify the events received.

Since the relay isn't verifying the signatures of incoming events, couldn't they be storing and then sending impersonated events?

Has the decision been made on purpose to let the client do the verification of signatures? Any particular reason?

alexgleason commented 1 year ago

All relay implementations I'm aware of do verify signatures. But how would you force them to do so? It's not an arbitrary decision, it's the nature of the design of the protocol.

mikedilger commented 1 year ago

If you are writing a relay and want to "do the right thing", I would verify the signature. But as @alexgleason says, the protocol is designed so that relays don't have to be trusted. You cannot rely on them verifying the signature.

That being said, some clients are tightly paired with relays so that the client doesn't need to verify the signature (which can be expensive on a mobile phone). I don't know the state of affairs with those clients, but my point is only that there are many ways to use nostr that might make different assumptions.