Nip5 is not verification. It’s just a vanity pronounceable and searchable address aka “nostr address” as coined by nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424
Discussion
Well it is verification if its on your own site and you're a known person. Because a stranger couldnt use your site. mastodon has something similer .
No. Too easy to overlook, typo domains, similar sounding domains. It doesn’t verify if you don’t know what the legit domain is. For some people it helps.
It's only verification if there's a reliable verification process to get one. Now, it's just address association with an npub.
How do you reliably verify anyone? You’d have to know them and do it in person, or via some other already verified channel.
I don't know. I'm just saying it's not verification without a verification process. As it is, it's just a user-friendly substitute for an npub.
Ya it’s useful to share like on a podcast
I need to see your driver's license, social security number, and 3 pieces of mail sir.
🤣
That's a very narrow view of what verification means. Nostr already has a process to verify your Mastodon github, and Twitter accounts. The process of linking your nostr profile to your external accounts is a form of identity verification that could conceivably be used to verify identity for a NIP-05 address.
Real life of trust 😁
and portable like an email address
If you control the domain it's not a bad verification check. Can be removed if nsec is compromised. The way most people use it though, yeah.
It’s hard to know which domain people control so it’s not a good verification mechanism because of that.
I bet nobody knows my nip5 without looking at it
Fair. Seems it's still useful for a brand though. Like if I'm the Conduit guy and all my Conduit homies have Conduit NIP5s then my NIP5 is suddenly a different site that's a red flag.
...But you're right people probably don't even check, seems like something that needs a re-think.
It is if you're a business. Not so much for individuals. It's the only way I know nostr:npub18s4zkd0wjq5gkthz4paw2704ty4s354wcp2krvxy0sewz3g9z2cs73ydrt is legit without having to contact them directly to ask.
Even then someone could register proton-mail or getproton.co or any other official sounding variant and if you’re not paying attention carefully you could fall for it. Not saying it would be easy or you personally but if you extrapolate this to tens or hundreds of thousands of people; there will be scammed people.
Same can be said for email and phishing websites right?
Think everything that's not for free can count as verification. At least it's prove of little work done 😀
Well...it's got elements of verification though, if used that way. You at least need to be able to get the file onto a webserver. For folks like Lyn Alden running their own domain, it's a pretty decent defense against impersonators, as presumably, Lyn's not providing file hosting to her various clones.
Obviously if you've got an @iris.to address, there's no verification to it, and is just as you say.
Grapevine / networks of voluntarily trusted peers.
If the 10 people I trust most in life attest that
You only need a few high-quality "bootstrap nodes" to get high trust attestations, whether theyre people you know and love or public figures who are highly unlikely to lie.
Yes, "trustlessness" is always better, but there are certain domains where it isn't feasible - and identity is one of them.