Replying to Avatar jb55

The idea behind keyoxide, keybase, etc is that you post signed proofs that you are in control of various accounts online (twitter, Reddit, web, etc). Normally you would use pgp but you could use nostr signatures instead.

If these proofs were stored in notes on nostr, nostr clients could verify these proofs and say for certain that said nostr pubkey controls said accounts on the internet. This would be much more powerful and reliable than nip05. This would be true verification. And it would be the most decentralized version of keybase/keyoxide since it would be stored in nostr notes replicated across multiple relays. nostr:note1275rd6v83g8877y0ftxh79jqpnp3ptpcz8f24gav3njlu8n2jjtqecfvs3
Avatar
SER 2y ago

This is the idea behind NIP-39, isn't it? Except that 39 is unfortunately specific; naming service-specific schemes in a NIP is restrictive (how do I verify self-hosted gitlab? Sourcehut? Whatever replaces github?), and also oddly enshrines & sanctifies a small set of services. If NIP-39 were abstracted, and ideally store attestations in notes as you suggest, it would be less tightly coupled.

I was thinking about this issue from a different direction: an attestation mechanism for use in authorization -- kerberos-in-nostr. It'd be a combination of NIP-03, NIP-40, and possibly NIP-06. Keyoxide covers a lot of use cases, so there's overlap. Both assert an (ownership) relationship between two accounts, but one additionally has an attestation from one of the service owners.

Reply to this note

Please Login to reply.

Discussion

No replies yet.