Replying to Avatar thewall

Take a look at my nostr.json. I signed it with my lightning key. I think something like this is the future of NIP-05.

https://lnwall.space/.well-known/nostr.json

Avatar
βš‘οΈπŸŒ±πŸŒ™ 2y ago

Yes, maybe could list multiple pubkeys, wallets and relays with a single identity, this would allow you to use a single identity with a pubkey/wallet on each device and no need to transfer keys from device to device whilst also having some resilience to losing any one device. The nick/identity should be sovereign.

Then if relays publish NIP-05 information on relay.domain/.well-known/nostr.json it makes identification native to nostr infrastructure and recorded in multiple locations as a consensus reference and not reliant on a single point of failure.

Reply to this note

Please Login to reply.

Discussion

Avatar
π–‹π–Žπ–†π–™π–‰π–Šπ–“π–Žπ–Šπ–— (Β―`◕‿◕´¯) 2y ago

What is stopping a scammer from stealing your identity and linking it to their npub?

Avatar
thewall 2y ago

In my case I’ve signed it with my lightning node. The problem with online identity is that you need to peg it to something. Easy for me since I have a well known lightning node now. Others tweet their npub, but that requires an established twitter following. It’s a really hard problem.

Avatar
βš‘οΈπŸŒ±πŸŒ™ 2y ago

Anyone can claim to be Elvis Presley.

The only way to avoid that is to set up NIP-05 as I have done. Using your real name and a real name DNS domain, with an SSL Certificate from a Certification Authority. This way you can port your real world ID to DNS and from DNS to a pubkey via NIP-05.

Lots of people here don’t like that though, and prefer the anonymity of a nym, that’s OK. But I think they run a much higher risk of impersonation because nyms are easier to steal, as they are created out of thin air.

It all depends on where you want to trace your sovereignty from, either from yourself or from a nym you created. There are pros and cons for each approach.

Avatar
Sophia 2y ago

Elvis has left the building

Avatar
HoloKat 2y ago

Aren’t there free ssls that don’t need your identity though

12
Carlos 2y ago

With certificates, you don't trace your sovereignity from yourself, but from the CA / cert issuer. Third party.

How would one know if elvispresley.com or elvispresley.net is the real one? Both can have valid certs from valid CAs (many, if not most, are compromised anyway).