we plan on adding forward secrecy in the future, but there hasn't been an established standard yet adopted by many clients. baby steps
Discussion
Yeah. DMs on Nostr are an atrocious situation, thereâs like a dozen different ways to send a DM. Honestly the fragmentation makes mass adoption impossible. My client doesnât support NIP-17 and I recently noticed Iâd missed a handful of DMs from friends when I opened a NIP-17 supporting client to receive my emails via nostr:npub1p5m98p05wn2tqffh0d9du6kjg8uy04g5485mgagxna56yrugd35qzvjnut
Imagine a normal person finding out that they didnât receive messages addressed for them because there are multiple DM specs. They are going to come to the conclusion that Nostr is trash.
things just move slowly, once the tech gets built out it will all smooth over. it took awhile before I was able to get to even nip17 since I decided I needed to build a custom database first to ensure there were no performance issues đ
Signal had a protocol spec from day 1 with nearly all basic requirements of a messaging service. Nostr has 2 NIPs, neither of which have been well thought out by someone who understands cryptography. NIP-17âs spec mentions âoptional forward secrecyâ but the author doesnât seem to understand that forward secrecy means something in a cryptographic context or how it might be achieved. And if you have forward secrecy, why would you make it optional? Most messengers people actually use have forward secrecy as part of the protocol, with no way to opt-out. Signal, WhatsApp, FaceTime, and Facebook messenger. The only messengers that arguably do not have it are Viber and Telegram, the latter having it optional for its âsecret chatsâ.
âThings just move slowlyâ is a poisonous phrase in terms of making a widely adopted technology product. And it is less about moving slowly and more about people just going in completely different directions. Right now if things were moving faster, the ecosystem would just fragment faster. Thereâs not even an attempt to put developers on the same page or curate NostNostrents towards a reasonable standard. Itâs a clusterfuck.
Ideally, people would be seeking to copy White Noise, as it properly uses Double Ratchet (much like Signal and WhatsApp) instead of NIP-17. But even everyone agreeing to use NIP-17 would be better than the current situation, which is a multitude of incompatible methods that vary by the whim of each clientâs developer.
unfortunately integrating white noise is a lot more complex, giftwraps are more general for more use cases beyond dms, and are simpler to implement.
devs are time constrained, the slowness is more an economic reality even if its âpoisonousâ. Centralized dev can move faster of course and doesnât have these issues of working with third parties and slower schedules.
The benefit is that each implementation keeps other implementations in line. Itâs harder to sneak through security vulnerabilities without being noticed by other clients.