Replying to Avatar Seth For Privacy

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

Just FYI, if you're paying attention (as you should!) to NIP-05 IDs you'll notice mine isn't verifying right now.

My server is being worked on and will be down for a few more hours, so expect to see it continue to fail until it's back up.

Signed this message with PGP for verification.

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyKxxTZXRoIEZvciBQcml2YWN5IDxzZXRoQHNldGhmb3Jwcml2YWN5

LmNvbT4FAmQXfYUACgkQa5eRxiFNHlfEzw/8DqiqIZcoUryBSu3bcuQNP3vYGEcS

JnDgGcX6zmaX7d5uVCYAGAm1pvaeczObaZY977blLlgEMNzMXifWn7ss5+MIsPsa

/0qPfaz9+YkPN2YVXcOlKQW/ukQRxaPpujEihbK7Me1qzf/z62uL2ZF9SyTqmlLg

Y3bBaZgflzPK1Pu8YJuT1NxhMZwFnJaS6slROY9RtMkkw0GRQ/Wfaxtbf52jdRic

KSlt36a1QAuZdeqX4jU8vX23uLItBNrz8N+WvjDnKKMA2FthFhvenXZtbEJlw1zs

YRc8+EYBXQbi1N2zuBMxxhdhFmSYiEGQFppxDfkMxSTExE/X5xrT37CRDV06qxDy

MmWTB+R/VE590maw7lB2e9ytBiZiC1nEHFTAdcnSDQKz6dnsw5qHM1sQ74QujrUL

ljxT9ry1swOzvnvRXSm8P4pfsLvZtVALN7+fg2PzDQcw/yID0ZzqbAZHVjOSPxT/

roqy6FXhPNBm4cZuM7Ik0/Ja8ynSYakUgW+0i137GQomWTisfzLI+8Zy4JM0v3Li

0Tuzmkzmng/YgQs4l1STt8Z8PnKkIdwvQxihEI0Q4HlDrIBjKk/7e80OmIWUbb7y

yFurZkveUXD0qvvCPqyONssYT8BT4gvwS+CAi/10znD5wN9u7d14XQzTh53HE6lw

LN53D0FG1O1KoT8=

=vIdY

-----END PGP SIGNATURE-----
Avatar
sommerfeld 2y ago

I don't think you need to pgp sign the note on nostr, since the note is already signed by your nostr key which I trust 😉.

That brings my point the NIP-05 verification is not necessary and even wasteful on accounts you already trust since public-key crypto is more trustworthy and a webserver and DNS.

Reply to this note

Please Login to reply.

Discussion

Avatar
Seth For Privacy 2y ago

Since key management is so bad I'd hesitate to trust Nostr keys alone ATM.

GPG provides a useful additional layer that is generally much better secured and thus harder to compromise.

I do like NIP-05, though clients should make it *very* clear when an identity doesn't validate properly.

Avatar
â‚¿loggingâ‚¿itcoin 2y ago

+1 for PGP second factor.