On the second flight I finished writing the implementation (and modifications to NIP-46) to make the following possible:
1. Alice goes to App A (e.g. Coracle) -- she clicks "create account" and gets a NIP-05 "alice@somesite.com". She uses Coracle as she normally would.
2. Alice goes to App B (e.g. Primal) -- she clicks "login" and types in "alice@somesite.com". A popup comes up and asks Alice if she wants to authorize this application to access her account. In an advanced setting she can scope down what the application can do (e.g. only create short notes but don't change the profile data).
At no point is there any mention of nsec, npub, keys, NIP-07, nsecbunker. Nothing. It just works.
cc nostr:npub1r0rs5q2gk0e3dk3nlc7gnu378ec6cnlenqp8a3cjhyzu6f8k5sgs4sq9ac nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240
Yeeees!
Does this mean they'd need sats already during onboarding for their nsecbunker hosting though?
Nah, that would defeat the purpose; this will be infra that I’m guessing clients will happily subsidize.
Running a bunker has a marginal cost of basically zero. We’ll find another way of preventing abuse like some PoW on the browser or something like that.
Neat! Damn that solves a looooot for the normies.
Time to start editing some signup flows 👌
Does that mean you need to trust the first key issuer and if they are compromised the rest is as well?
No, the first client never sees the nsec. You’re only trusting the nsecBunker backend operator you use and with NIP-41 even if the bunker becomes malicious you’d have a way forward.
Also, bunkers are economical actors and becoming malicious requires them signaling they are malicious.
Keep in mind where people are coming from now: normal operation is that you can never control your account nor have recourse if the operator censors/revokes your access. This is a way for normies to compete with that state of affairs.
I meant the bunker. Just trying to understand from the perspective “trusting a 3rd party is a security threat as a default”. They need not be adversarial; they could just get hacked.
We need easy-to-use solutions, and almost anything is better than centralised silos 😁
Farcaster’s Passkey was a nice implementation to make it easier for regular users, also allowing them to pay the reg & storage fees with Apple.