Replying to Avatar Vitor Pamplona

No, NIP-05 exists to prove an npub has some control over a domain name. If the Jeff Bezos key has a jeff@amazon.com and we know that 'amazon.com' is not owned by a random scammer, we can say that this is the real Jeff.

However the way people currently use NIP-05 with these random domain names is not effective at all. If I have vitor@plebs.com and you don't trust plebs.com have my id verified, the nip 05 is just useless.
Avatar
Evan 2y ago

Would you prefer something like how bsky handles it, using a DID server and DNS for usernames?

Reply to this note

Please Login to reply.

Discussion

Avatar
L 2y ago

I think if anyone is important and influental enough, they could find a way to have their own specific domain and verify their nip-05

But I as a nobody don't need to bother with it if I don't know how and don't have the meens for it.

I just get one from Iris and be done with it

Avatar
Evan 2y ago

I own my own nip-05 domain. 🤷🏻‍♂️

Avatar
Vitor Pamplona 2y ago

As long as the Iris version doesn't allow anyone with your keys to change it, it should be fine. The thing you want to avoid is to tell all your friends the iris address IS you and then your keys leak and the attacker not only gets your keys but also your NIP-05. All your friends will think they are talking to you. Not only because it comes from your PubKey, but also from a valid NIP-05.

Ideally the password that allows changing the NIP05 is completely unrelated to your keys, managed completely separately.

Avatar
Vitor Pamplona 2y ago

It's the same thing