The idea behind keyoxide, keybase, etc. is that you post signed proofs that you are in control of various accounts online (twitter, Reddit, web, etc.). Normally you would use pgp but you could use nostr signatures instead.

If these proofs were stored in notes on nostr, nostr clients could verify these proofs and say for certain that said nostr pubkey controls said accounts on the internet. This would be much more powerful and reliable than nip05. This would be true verification. And it would be the most decentralized version of keybase/keyoxide since it would be stored in nostr notes replicated across multiple relays. nostr:note1275rd6v83g8877y0ftxh79jqpnp3ptpcz8f24gav3njlu8n2jjtqecfvs3

Discussion

key rotation before

Just need revocation

Isn't that what nostr.directory does?

nope

Sharing the process amongst multiple centralized entities. Interesting…

100% in favour of using Nostr keys for signing proofs like PGP, it's an obvious use case, but if we're going down the road of using Nostr keys for cryptography my only issue is the NSA designed NIST curve secp256. Nostr should use Ed25519 instead.

🤦‍♂️

What?

Cryptographers have raised legitimate concerns with how NIST curves are designed and Nostr does use secp256.

Can provide links if you want. Plenty has been written about this. That's why the new standard for SSH and PGP is Ed25519.

I was just reading it and I agree. I think this can be “an upgrade” to NIP-05 and like you said true verification. And probably still simpler than DID standard (based on my quick reading of keyoxide).

Isn't that exactly what NIP-39 does?

https://github.com/nostr-protocol/nips/blob/master/39.md

Have been using that for ages in Amethyst, and it defines exactly what you mean, AFAICT.

nostr:nevent1qqs8sjy4rkpg2kd6grqs5q63jy7mt0etut80v0nygy7zcq3zm0dnw4qpz3mhxue69uhhyetvv9ujuerpd46hxtnfduw4vlfu
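
The check a client could run on NIP-39-style claims, as an added example that is not part of the thread or of any client's code: it parses `i` tags from a profile event, builds the proof URL, and tests whether fetched proof text names the event's own key. Assumptions: the event's signature was already verified, fetching is left out, and the URL templates and identity patterns are this example's reading of NIP-39 and should be checked against the spec.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet

def _polymod(values):
    gen = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk

def npub_encode(pubkey_hex):  # bech32-encode a 32-byte hex pubkey as npub1...
    data = bytes.fromhex(pubkey_hex)
    if len(data) != 32:
        raise ValueError("expected a 32-byte public key")
    acc, bits, words = 0, 0, []
    for b in data:  # regroup 8-bit bytes into 5-bit words
        acc, bits = (acc << 8) | b, bits + 8
        while bits >= 5:
            bits -= 5
            words.append((acc >> bits) & 31)
    if bits:  # pad the final partial word with zero bits
        words.append((acc << (5 - bits)) & 31)
    hrp = [ord(c) >> 5 for c in "npub"] + [0] + [ord(c) & 31 for c in "npub"]
    mod = _polymod(hrp + words + [0] * 6) ^ 1
    words += [(mod >> 5 * (5 - i)) & 31 for i in range(6)]
    return "npub1" + "".join(CHARSET[w] for w in words)

# platform -> (allowed identity pattern, proof URL template); assumed values
RULES = {
    "github": (r"[A-Za-z0-9-]{1,39}", "https://gist.github.com/{0}/{1}"),
    "twitter": (r"[A-Za-z0-9_]{1,15}", "https://twitter.com/{0}/status/{1}"),
}

def claims(event):
    """Yield (platform, identity, proof_url) for each well-formed 'i' tag."""
    for tag in event.get("tags", []):
        if len(tag) < 3 or tag[0] != "i" or ":" not in tag[1]:
            continue
        platform, identity = tag[1].split(":", 1)
        pattern, url = RULES.get(platform, (None, None))
        # strict patterns keep a hostile tag from steering the fetch elsewhere
        if pattern and re.fullmatch(pattern, identity) and re.fullmatch(r"[0-9A-Za-z]+", tag[2]):
            yield platform, identity, url.format(identity, tag[2])

def proof_matches(event, proof_text):  # True only if the proof names this event's npub
    return npub_encode(event["pubkey"]) in proof_text
```

A claim counts only when both directions agree: the signed event points at the proof, and the proof, fetched from the account itself, contains the same key.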

This is far more powerful and reliable than nip05. This is true verification.

This is the idea behind NIP-39, isn't it? Except that 39 is unfortunately specific; naming service-specific schemes in a NIP is restrictive (how do I verify self-hosted gitlab? Sourcehut? Whatever replaces github?), and also oddly enshrines & sanctifies a small set of services. If NIP-39 were abstracted, and ideally stored attestations in notes as you suggest, it would be less tightly coupled.

I was thinking about this issue from a different direction: an attestation mechanism for use in authorization -- kerberos-in-nostr. It'd be a combination of NIP-03, NIP-40, and possibly NIP-06. Keyoxide covers a lot of use cases, so there's overlap. Both assert an (ownership) relationship between two accounts, but one additionally has an attestation from one of the service owners.

How would you verify it? It would have to be manual.

I still have this for green verification checkmark on fediverse/mastodon u gotta have pgp on your email first, edit it then upload it to https://keys.openpgp.org/, kinda difficult for normies, but it would be cool if nostr can make it easier

Could this be done with Web5+nostr?

https://developer.tbd.website/projects/web5/