From e41c796182f9ca0f165ccc58121fbe3b0d6b57a7 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Thu, 8 Feb 2024 10:26:23 -0500 Subject: [PATCH 1/3] Adds a private event to nostr. --- 42.md | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/42.md b/42.md index 8c70de49..53af82f0 100644 --- a/42.md +++ b/42.md @@ -6,7 +6,7 @@ Authentication of clients to relays `draft` `optional` -This NIP defines a way for clients to authenticate to relays by signing an ephemeral event. +This NIP defines a way for clients to authenticate to relays by signing an ephemeral event and a way to specify which events and private and MUST require authentication to be served. ## Motivation 
@@ -18,6 +18,40 @@ A relay may want to require clients to authenticate to access restricted resourc ## Definitions +### New field to identify private events + +Clients that want to force an authentication in any event can add a `requires_auth_by` with array of authorized pubkeys to the base event object. + +```jsonc +{ + "id": <32-bytes lowercase hex-encoded sha256 of the serialized event data>, + "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>, + "requires_auth_by" [<32-bytes lowercase hex-encoded public key>, ... ] + "created_at": , + "kind": , + "tags": [ + [...], + // ... + ], + "content": , + "sig": <64-bytes lowercase hex of the signature of the sha256 hash of the serialized event data, which is the same as the "id" field> +} +``` + +NIP-42 supporting relays must then include the `requires_auth_by` field as the 7th position in the serialization of the event. This guarantees that relays and clients that do not support this NIP cannot validate private events and will never be able to receive them, avoiding leaking the event structure to a public relay. + +```js +[ + 0, + , + , + , + , + , + +] +``` + ### New client-relay protocol messages This NIP defines a new message, `AUTH`, which relays CAN send when they support authentication and clients can send to relays when they want to authenticate. When sent by relays the message has the following form: From e4566466758de7a447df6b32678b4671e08bde87 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Thu, 8 Feb 2024 10:30:14 -0500 Subject: [PATCH 2/3] Adds the auth instruction for the new field. --- 42.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/42.md b/42.md index 53af82f0..f06c6331 100644 --- a/42.md +++ b/42.md 
@@ -22,6 +22,8 @@ A relay may want to require clients to authenticate to access restricted resourc Clients that want to force an authentication in any event can add a `requires_auth_by` with array of authorized pubkeys to the base event object. +Relays MUST authenticate connections with at least one of the pubkeys listed in `requires_auth_by` to return events. + ```jsonc { "id": <32-bytes lowercase hex-encoded sha256 of the serialized event data>, From 1853f186bb8d62e9b20d0bdf3587e8b9b55c44dc Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Thu, 8 Feb 2024 11:08:03 -0500 Subject: [PATCH 3/3] changes private to protected. --- 42.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/42.md b/42.md index f06c6331..26d5bfce 100644 --- a/42.md +++ b/42.md @@ -6,7 +6,7 @@ Authentication of clients to relays `draft` `optional` -This NIP defines a way for clients to authenticate to relays by signing an ephemeral event and a way to specify which events and private and MUST require authentication to be served. +This NIP defines a way for clients to authenticate to relays by signing an ephemeral event and a way to specify which events are protected and MUST require authentication to be served. ## Motivation @@ -18,7 +18,7 @@ A relay may want to require clients to authenticate to access restricted resourc ## Definitions -### New field to identify private events +### New field to identify protected events Clients that want to force an authentication in any event can add a `requires_auth_by` with array of authorized pubkeys to the base event object. 
@@ -28,7 +28,7 @@ Relays MUST authenticate connections with at least one of the pubkeys listed in { "id": <32-bytes lowercase hex-encoded sha256 of the serialized event data>, "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>, - "requires_auth_by" [<32-bytes lowercase hex-encoded public key>, ... ] + "requires_auth_by" [<32-bytes lowercase hex-encoded public key>, /* ... */ ], "created_at": , "kind": , "tags": [ @@ -40,7 +40,7 @@ Relays MUST authenticate connections with at least one of the pubkeys listed in } ``` -NIP-42 supporting relays must then include the `requires_auth_by` field as the 7th position in the serialization of the event. This guarantees that relays and clients that do not support this NIP cannot validate private events and will never be able to receive them, avoiding leaking the event structure to a public relay. +NIP-42 supporting relays must then include the `requires_auth_by` field as the 7th position in the serialization of the event. This guarantees that relays and clients that do not support this NIP cannot validate protected events and will never be able to receive them, avoiding leaking the event structure to a public relay. ```js [
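Review bot: The intro sentence added in the first hunk of PATCH 1/3 reads "which events and private and MUST require authentication", which is ungrammatical and is only corrected in PATCH 3/3. Suggest squashing the wording fix into PATCH 1/3 so that no commit in the series leaves the abstract broken.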
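Review bot: The serialization rule in the Definitions hunk of PATCH 1/3 ("NIP-42 supporting relays must then include the `requires_auth_by` field as the 7th position in the serialization of the event") does not say that the field is serialized only when the event carries it, and it addresses relays only, although the client that signs the event has to compute the same `id`. Since `id` is the sha256 of the serialized event data, an implementation that appends a seventh element unconditionally would change the ids of events that have no `requires_auth_by`. Suggest wording such as "When `requires_auth_by` is present, clients and relays MUST append it as the 7th element of the serialized array; events without the field are serialized unchanged", and state whether an empty array is allowed.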
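Review bot: The MUST added in PATCH 2/3 ("Relays MUST authenticate connections with at least one of the pubkeys listed in `requires_auth_by` to return events") leaves the relay's behaviour toward an unauthenticated or non-listed connection unspecified, and does not say whether the event's own `pubkey` is implicitly authorized. Suggest phrasing it as a prohibition, for example "Relays MUST NOT return an event that has `requires_auth_by` to a connection that has not authenticated as one of the listed pubkeys", then state whether the relay should send an `AUTH` challenge in that case and whether the author has to list itself to read the event back.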
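Review bot: The `requires_auth_by` line in the jsonc example (PATCH 3/3, hunk at -28,7) gains a trailing comma but still has no colon between the key and the array, so the example does not parse as an object member. Suggest `"requires_auth_by": [<32-bytes lowercase hex-encoded public key>, /* ... */ ],`.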
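Review bot: The reworded sentence in the last hunk of PATCH 3/3 still says the extra serialized field "guarantees" that relays and clients without support "will never be able to receive" protected events, which holds only for implementations that recompute the `id` and check `sig` before accepting an event. An implementation that stores or forwards events without that check is not stopped by the hash mismatch, so the confidentiality of a protected event rests on the relay-side MUST from PATCH 2/3, not on the serialization change. Suggest weakening the claim to "implementations that verify the event id will reject protected events" and saying explicitly that the serialization change is a compatibility barrier and not an access control.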