There’s a bunch of impersonation being done with NIP-05 because it currently just verifies to the domain name. This makes it difficult for folks using directory services like nostr.directory, nostrplebs.com, and things like cash.app for verification, because I could be verified by those accounts and set my petname to jack or some brand name.

We’ve written up an updated proposal to add optional names that are verified at the service as part of the NIP-05 and a link back to the information that the verification service has about this nostr user.

Clients don’t need to implement this but it solves a lot of issues we’re seeing when people are using third party domains for verification.

https://github.com/erikwestra/nips/compare/master...nip-05-security-proposal
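
What the current NIP-05 check covers, as an added example that is not part of the original note or of any client's code: the identifier's local part must map to the signing pubkey in the domain's `/.well-known/nostr.json`, and the display name is never compared with anything. The domain `directory.example`, both keys, and the function names are constructed for illustration.

```javascript
// Constructed sample data: per-domain bodies a client would fetch from
// https://<domain>/.well-known/nostr.json?name=<local-part>.
const SAMPLE_DOCS = {
  "directory.example": { names: { user1234: "ab".repeat(32) } },
};

// Split "local@domain"; NIP-05 limits the local part to a-z0-9-_.
function parseNip05(identifier) {
  if (typeof identifier !== "string") return null;
  const m = /^([a-z0-9._-]+)@([a-z0-9.-]+\.[a-z]{2,})$/i.exec(identifier.trim());
  return m ? { local: m[1].toLowerCase(), domain: m[2].toLowerCase() } : null;
}

// pubkey: hex key that signed the kind-0 event; profile: its parsed content.
function checkProfile(pubkey, profile, docs) {
  const id = parseNip05(profile.nip05);
  const doc = id ? docs[id.domain] : undefined;
  const listed = doc && doc.names ? doc.names[id.local] : undefined;
  const nip05Valid =
    typeof listed === "string" && /^[0-9a-f]{64}$/.test(listed) && listed === pubkey;
  return {
    nip05Valid,
    // The only string the domain vouched for; null when the check fails.
    verifiedIdentifier: nip05Valid ? `${id.local}@${id.domain}` : null,
    // Taken from the user's own metadata; nothing in nostr.json constrains it.
    selfAssertedName: profile.display_name || profile.name || "",
  };
}

const OWNER = "ab".repeat(32); // constructed key listed by directory.example
const OTHER = "cd".repeat(32); // constructed key not listed anywhere
const profile = { display_name: "jack", nip05: "user1234@directory.example" };

// Passes: the domain vouches for user1234, the name "jack" is unchecked.
console.log(checkProfile(OWNER, profile, SAMPLE_DOCS));
// Fails: same metadata published under a key the domain does not list.
console.log(checkProfile(OTHER, profile, SAMPLE_DOCS));
```
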

Discussion

A simpler solution would be for clients to drop the misleading "verified" badges entirely.

For example, this is what I see on Gossip:

Simple and straight to the point.

Damus does this. They are gray unless you follow the person and then it shows purple. Might even remove the gray ones.

Amethyst checkmarks also mean that you follow the user, nothing related with NIP-05 aliases or 'verification'.

👍

Good points made! One issue with nostr.directory is it's pretty much unusable for people that have been permabanned on Twitter like myself. I'm all for a verification process, but I don't think it should involve a censorship platform like Twitter. I thought Nostr was trying to get away from such platforms, not integrate them?