Replying to Avatar Eric FJ 🪬⚡️

GM nostr:npub1market6g3zl4mxwx5ugw56hfg0f7dy7jnnw8t380788mvdyrnwuqgep7hd team: since you are actively using NIP-15 we would love to get your feedback on this proposal to improve the spec for effective e-commerce on Nostr. We are developing and open sourcing the Coordinator for any of your seller's use.

nostr:naddr1qq257drwx94rzs2lwyey7a33v43nqjj4w4j85q3qnkfqwlz7xkhhdaa3ekz88qqqk7a0ks7jpv9zdsv0u206swxjw9rqxpqqqp65wp3t053

cc: nostr:npub1a3um269aaf3u5cy37kuykrrrnsg2pyv7za06pxjduv25lq5sdujs2qmdj6 nostr:npub18ekka6n399pskjzjusvduscem5c99dewg2swe3u68vdce92cmxgszeht3g nostr:npub1qw6sxmwrmwpxqsc8cxty62ujvst6j8pmz8hhtwnv54gpn6dh5c4qms4882 nostr:npub1cjw49ftnxene9wdxujz3tp7zspp0kf862cjud4nm3j2usag6eg2smwj2rh nostr:npub1c37zfj85qq9g8a00e5hhatdw47u0j4phqf7lxd2068qp6lu9ykpshddaf4 nostr:npub1gzuushllat7pet0ccv9yuhygvc8ldeyhrgxuwg744dn5khnpk3gs3ea5ds

Avatar
Gzuuus 1y ago

Great to see more people getting involved in the development of Nostr marketplaces I read your article about NCC and have to say that it highlights some serious flaws in its conception. Firstly, NIP-15 is problematic and its design is limited. Additionally, the use of NSEC Bunker is discouraged, as it involves storing merchant keys in a database and using them to sign transactions on behalf of the merchant. This approach is risky and creates a single point of failure. If the NSEC Bunker is compromised, you become responsible for the security of the keys, which is a significant weakness.

You mention key delegation, but I don't think it's a viable solution due to its complexity and implications for merchant reputation and WOT. Implementing this solution and make it work for everyone would require a significant amount of design and enforcement.

The approach we was following to resolve the interactivity problem is to place interactive actions in the correct context. For example, instead of the merchant initiating the payment request when it receives a new order, the buyer should initiate it using the public or private information delegated by the merchant to the marketplace. The marketplace can be a server, but the risk is minimised since payment details can be public, like the ones in kind:0 or nip61, or encrypted using the marketplace's app keys. Even if payment details are compromised, the damage is limited compared to the potential consequences of exposing private keys.

I'd be happy to continue discussing the challenges of Nostr marketplaces. We're currently working on a new specification for Nostr marketplaces that relies heavily on NIP-99 and addresses the requirements for e-commerce that NIP-15 describes. Our goal is to create a specification that enables interoperability across the entire Nostr ecosystem, which is currently lacking. NIP-15 is flawed, and NIP-99 is too broad, leading to custom implementations that break ecosystem interoperability and harm users.

We're collaborating with the main developers of other Nostr marketplaces, such as Shopstr and Cypher, to create a more solid specification. I invite you to take a look and engage with our efforts. It would be amazing to achieve real interoperability within the e-commerce specification, which is essential for the success of the Nostr ecosystem. Without further ado, I'm happy to continue the conversation and glad to see more people interested in participating and collaborating. Please feel free to participate in the conception of the new specification. https://github.com/gzuuus/nips/pull/1

Reply to this note

Please Login to reply.

Discussion

No replies yet.