Nostr Web Client

nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm extension allows you to produce a Schnorr signature with your on arbitrary data. That's freaking cool! nostr:npub1mhcr4j594hsrnen594d7700n2t03n8gdx83zhxzculk6sh9nhwlq7uc226 is making use of that to spend Pay-to-Public-Key (P2PK) locked ecash in the browser.

What does that mean? Someone can post ecash publicly that is locked to your npub (on nostr or *anywhere else*). Everybody can see it and verify that you're the recipient, but only you (with your nsec) can actually spend it (using Alby) to your wallet.

We're going to use nostr identities for payments and we're not going to ask for permission. 🤙

Reply to this note

Please Login to reply.

Discussion

calle 1y ago

* with your nsec on arbitrary data.

#noEditNoDeletes

Fabian 1y ago

Does this mean we can have instant ecash zaps without waiting for receipts and timeouts?

calle 1y ago

Yes

ziggie 1y ago

is there a break down of the flow, so it does not touch any lightning rails ?

JeffG 1y ago

This is maybe the coolest thing I’ve heard in a long while.

Egge 1y ago

Right?! This will be absolutely amazing 🤙

captjack 🏴‍☠️✨💜 1y ago

Cashu Cool !

komodoplatform.com/en/academy/p2pk-pay-to-pubkey/

ziggie 1y ago

could you explain the usecase of locked ecash ? can I read about that ?

WyhtBBDt 1y ago

I'm interested too

zoomoutpls 1y ago

I'm slowly starting to get interested in this ecash stuff ...

Egge 1y ago

You should be 🥜🔥

zoomoutpls 1y ago

this is cool indeed

dope !

average_bitcoiner 1y ago

DOWN WITH THE NUT GRABBERS.

nostr:nevent1qqszwp5ap5ntht6pvfh8w4pdfwp9f49kfgk5psh47twn29h0nhq4v2spz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzq5xeflpdskqvdq4swxj59793uvdzqzc9pzatjk3nhmcg2h0js8trqvzqqqqqqycgmhwr

sebas 1y ago

nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg what do you think about the risks of signing arbitrary data? Maybe for this operation the user should always be prompted to confirm? We were talking about this a few weeks ago with nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr

calle 1y ago

I see the risk in this and I think it also applies to other NIP07 applications that can get signatures on notes from the extensions (they could publish fake notes signed by you).

There seems to be no other way than to show the user what they are signing. I wish nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm had a dedicated way of showing details of the ecash that is being signed. Maybe one day?

Definitely needs trust in the application that is requesting these signatures. What's true for signing messages is also true for signing transactions.

sebas 1y ago

Yeah, having a clear UI for the user seems necessary. Anyways, this is great.