The shield is placed partially outside the image where users can't draw. They could use a 20% smaller image with the shield but that will be visibly off to app users.

The goal of the shield is to fight impersonation of the people you follow. We shouldn't mix it with a similar symbol for those who follow you.

Otherwise, an attacker can follow you to create just enough trust for you to think you are talking to the real Jack.


Discussion

So did we determine if the nostr:npub1fndlt0xh7q26867xs5lx2enn97wpzdtmdepadvhdee6zl05cgl6q3dlrjm was the real deal by his shield?

No, the goal is not to verify if a user is real. That's for NIP-05 to do. The shield is to deal with **impersonation of the people you follow**. You marked a PubKey as a contact by following it. Clients should tell you when you are talking to the PubKey you marked or to somebody else that has the same picture and name.
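The check described in this reply, as an added example that is not part of the thread and not code from any Nostr client: the shield is decided only by whether the author's PubKey is in your own follow list, and a different key reusing a followed contact's name or picture is flagged. The function names, the result labels and the sample keys and URLs are assumptions constructed for illustration.

```javascript
// Constructed sample data: 64-hex-char placeholders, not real keys.
const JACK = "a".repeat(64);
const IMPOSTOR = "b".repeat(64);
const STRANGER = "c".repeat(64);

// Fold lookalike spellings together: compatibility forms (e.g. fullwidth
// letters), zero-width characters, whitespace and letter case.
function normalizeName(s) {
  return (s || "")
    .normalize("NFKC")
    .replace(/[\u200B-\u200D\uFEFF\s]+/g, "")
    .toLowerCase();
}

// follows: Map<pubkeyHex, {name, picture}> built from the user's own
// contact list. Who follows the user is deliberately not an input:
// an attacker can follow you, so that relation must not earn the shield.
function classifyAuthor(follows, author) {
  if (follows.has(author.pubkey)) {
    return { status: "followed", resembles: null }; // show the shield
  }
  const name = normalizeName(author.name);
  for (const [pubkey, contact] of follows) {
    const sameName = name !== "" && name === normalizeName(contact.name);
    const samePicture = Boolean(author.picture) && author.picture === contact.picture;
    if (sameName || samePicture) {
      // Same look, different key: warn instead of showing the shield.
      return { status: "lookalike", resembles: pubkey };
    }
  }
  return { status: "unknown", resembles: null };
}

const follows = new Map([
  [JACK, { name: "jack", picture: "https://example.invalid/jack.png" }],
]);

console.log(classifyAuthor(follows, { pubkey: JACK, name: "jack" }));
console.log(classifyAuthor(follows, {
  pubkey: IMPOSTOR,
  name: "J\u200Back ", // zero-width space and trailing space
  picture: "https://example.invalid/jack.png",
}));
```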

Thanks for the explanation.

So it still can have different colors for mutual follow?

I thought nip-05 is for showing npub as a human readable address?

No, NIP-05 exists to prove an npub has some control over a domain name. If the Jeff Bezos key has a jeff@amazon.com and we know that 'amazon.com' is not owned by a random scammer, we can say that this is the real Jeff.

However, the way people currently use NIP-05 with these random domain names is not effective at all. If I have vitor@plebs.com and you don't trust plebs.com to have my ID verified, the NIP-05 is just useless.

Straight to the point

Thanks for being so patient with me

Would you prefer something like how bsky handles it, using a DID server and DNS for usernames?

I think if anyone is important and influential enough, they could find a way to have their own specific domain and verify their nip-05

But I as a nobody don't need to bother with it if I don't know how and don't have the means for it.

I just get one from Iris and be done with it

I own my own nip-05 domain. 🤷🏻‍♂️

As long as the Iris version doesn't allow anyone with your keys to change it, it should be fine. The thing you want to avoid is to tell all your friends the iris address IS you and then your keys leak and the attacker not only gets your keys but also your NIP-05. All your friends will think they are talking to you. Not only because it comes from your PubKey, but also from a valid NIP-05.

Ideally the password that allows changing the NIP05 is completely unrelated to your keys, managed completely separately.

It's the same thing