Onion domains are so susceptible to phishing attacks.
One day, nostr-ish signing every HTTP response will be a thing.
Discussion
To be clear nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424 i'm not calling you a phisher 😂
That's why onions should provide pgp signatures and many do.
In practice it works the same as nostr signing.
PGP signatures have less signal than nostr signatures
I see nostr as just social pgp ¯\_(ツ)_/¯
Agree, nostr has the (potential) web-of-trust PGP dreamed of.
https://github.com/fr4nzap/nips/blob/linked-cryptographic-identities/69.md