In the process of getting ecash payments into SatShoot!
nostr:nprofile1qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75sprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0y8qdrm If I remember correctly, an earlier version of the spec had a section about encrypting privkey with passphrase.
Now it's just nip44 which is just encrypting to my own nsec.
Guess I can still double-encrypt but what is the threat model in this version of the spec?
If app has access to nsec directly or indirectly via nsecbunker it can basically steal the ecash right?
I am thinking of ways to communicate caveats to users effectively in SatShoot.