Subnostr

People joke about the UX and they're right but the truth is you can use GPG pretty much everythere and as long as you know someone's pubkey you can use the most spied on communication channel and your message will still be authentic and secret.

Those who really need it will use it eventually. Not everything is meant to be used by everyone.

nostr:nevent1qqsdl7rm8vqeacg05a9pgqp84w0fh6hn7xefsyx43fxuqa45uv7e0lspz9mhxue69uhkummnw3ezuamfdejj7q3qwf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgsxpqqqqqqznx06s0

franzap 2y ago

I'm particularly interested in message signing/verification, which for packages is typically done via GPG and a shasum file.

Maybe it's not meant to be used by everyone but I sincerely hope it is. As PGP is a tech with a big social component I'm trying to understand how nostr could help with its flaws here

Reply to this note

Please Login to reply.

Discussion

sommerfeld 2y ago

Nostr just has a better UX but the underlying concepts are the same:

* public key crypto

* WoT for attesting public key authenticity without a centralized authority

Nostr only does the latter point partially, i.e. you implicitly "trust" your follows and sort of your 2nd degree follows but clients still don't fully exploit WoT. They could use it to curate feeds, weight or filter counters (number of reactions, followers, etc), combat spam, etc.