But you can sign a message dated last year and broadcast it.
Discussion
Ok, so I am very ignorant on all of this so please thank you for your patience. What do you mean by signing? Is writing and posting a note not enough of a signature is there a different process for that? Same for broadcasting... Is that different from posting notes?
I'm only 6 months into Nostr and I just keep learning how much I don't know or understand 🤣
When you wrote this comment, your app used your nsec to sign this message. The message included the date and time. That information is all locked by your signature. But you decided what to write.
Your signature is how we know the posts actually came from nostr:nprofile1qqstcqhq5mq0qxkeedt69v8ca7pyr0zll9uuu3zje60zg00y2a6kwfgpzpmhxue69uhkummnw3ezumt0d5hszrnhwden5te0dehhxtnvdakz7qgawaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctcrca29m
Not from someone pretending to be you
Ok good good, it is what I thought then. Thank you!!!
Although you are not aware, every message you write here is cryptographically signed by your private key which matches your public key, so we know the owner of the private key wrote it.
If you wish to verify your identity beyond the fact you hold your private key, then you can optionally verify your identity by storing your public key on a webserver, either yours or somebody else you trust.
If you own the website, you can prove that the owner of the website also owns the private key that signs each message posted here on NOSTR.
If you look at my profile, you will see I am verified as mike@mikehardcastle.com which means I stored my public keys on my website in this file here:
This is not entirely accurate:
> “If you own the website, you can prove that the owner of the website also owns the private key”
The only thing Nip05 (nostr addresses verified by web domains) proves is that “this is address has a pubkey associated with it”.
These pubkey/addresses associations are not signed by a private key and may be changed by the domain owner at any time.
No, I was entirely correct.
Your attempt to correct me is ambiguous.
I can however explain more precisely.
It may not be the website owner that owns the key, but you at least have the permission of the admin for the site to upload the file.
The json file contains a HEX converted copy of your public key, along with relay list to find you on.
Anybody can generate that hex translation, but only somebody with permission can upload it to a website.
By definition, this creates a relationship between the holder of the private / public key pair and the web site admin / owner.
In my case, I both own and administer my domain name, I can therefore verify myself.
This is a100% correct explanation and does not need your incorrect challenge of it.
This is why around a year ago, the fake Forbes reporter failed to persuade anybody to give an interview because they could not upload the hex version of their public key to the forbes.com website meaning they did not work for Forbes.
This is incredibly powerful if you think about it. Even more powerful for companies than individuals.
stand ya base mike
I wouldn't mind, but I'd just done a podcast about it 😂
I appreciate your statement that NIP05 “verification” from a “trusted” (by some other means) domain carries a lot of weight in “vouching for” pubkey. But still… your OP statement is problematic.
> “If you own the website, you can prove that the owner of the website also owns the private key”
NIP05 on its own (aside from the credibility of the issuing domain) does not “prove” private key ownership.
I love you Mike, but srsly.
You are discussing semantics within a proposal which I haven't even bothered mentioning within my explanation.
I love me too 😂
Have a nice day 🫂
I did so,thing similar with the DNS text fields of https://vveerrgg.online
TXT
nostr_
npub=npub1c0nk9a8cc7u9uxkjhwl0e6qm4thj5r7c7cvs3v9ky0s3l8g6dqjsqwrz29,name=vveerrgg
15 Minutes
TXT
nostrrelays_
wss://relay.primal.net,wss://nostr.oxtr.dev,wss://relay.damus.io,wss://relay.getalby.com/v1,wss://relay.maiqr.app
15 Minutes
How are you liking DNS?
I think we did a good job designing it.
Let me know your thoughts.