What if we start sending nostr: URIs at the end of our emails with a signed copy of the message and a little extension verifies the Nostr signature in the email and replaces the unsecured email text with the signed one without even pinging any relay?
Discussion
I feel like solving email privacy (with existing legacy SMTP etc) is far more important than solving an authenticity problem.
true, but maybe this starts the process of adding privacy to emails since you can also attach an encrypted Nostr DM to it.
I think metadata privacy is as or more important than content privacy. An email containing the text "whats up bro" is far less useful than knowing I sent literally anything to a person of interest. That said, I still think PGP does a good job here and should not be dismissed. That said, if NIST and other orgs refuse to accept secp256k1, governments and businesses will refuse to implement it to comply with regulations.
Nostr doesn't need to be the hammer looking for nails.
If we're talking linking nostr identities to private communication, we need to consider ditching email entirely, which I think is EASILY SOLVED WITH NOSTR. Let email play in the corner and be dumb and insecure because Google controls 90%+ of it and we move on.
We could also tweet on X in this way. Since they don't provide any security, we can solve it ourselves.
Isn't that basically PGP with extra steps?
Yep, but with your trusted Nostr keys.
We could add a PGP key to our profile events and use the existing tools to add signatures. Verification would still need to be solved though.
We could also simply schnorr sign a hash of the email with our nsecs
Or we don't email and use NIP17 instead
PGP for the masses.
Yes
I'm bullish on using nostr for what PGP tried to be
nostr:nprofile1qqsdu74x8vw8aqylv6n8hhxjh4xf22sfe4fwuq0d0ke435ym4ktlssqpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qzxthwden5te0wfjkccte9eeks6t5vehhycm99ehkuegprpmhxue69uhkummnw3ezucm0d9hxvatwvshxzursdn707c we could potentially do a quick injection of this into the Proton systems. Just letting each user account add an npub if they want; and have the current Proton Mail checks begin verifying this.
It could set a new standard if done as open source as possible.
Combining forces of PGP & nostr signatures, for security and easy ID verification check!