Replying to Avatar ManiMe

This is not entirely accurate:

> “If you own the website, you can prove that the owner of the website also owns the private key”

The only thing Nip05 (nostr addresses verified by web domains) proves is that “this is address has a pubkey associated with it”.

These pubkey/addresses associations are not signed by a private key and may be changed by the domain owner at any time.
Avatar
mike 8mo ago

No, I was entirely correct.

Your attempt to correct me is ambiguous.

I can however explain more precisely.

It may not be the website owner that owns the key, but you at least have the permission of the admin for the site to upload the file.

The json file contains a HEX converted copy of your public key, along with relay list to find you on.

Anybody can generate that hex translation, but only somebody with permission can upload it to a website.

By definition, this creates a relationship between the holder of the private / public key pair and the web site admin / owner.

In my case, I both own and administer my domain name, I can therefore verify myself.

This is a100% correct explanation and does not need your incorrect challenge of it.

This is why around a year ago, the fake Forbes reporter failed to persuade anybody to give an interview because they could not upload the hex version of their public key to the forbes.com website meaning they did not work for Forbes.

This is incredibly powerful if you think about it. Even more powerful for companies than individuals.

Reply to this note

Please Login to reply.

Discussion

Avatar
Jose Sammut 8mo ago

stand ya base mike

Avatar
mike 8mo ago

I wouldn't mind, but I'd just done a podcast about it 😂

Avatar
ManiMe 8mo ago

I appreciate your statement that NIP05 “verification” from a “trusted” (by some other means) domain carries a lot of weight in “vouching for” pubkey. But still… your OP statement is problematic.

> “If you own the website, you can prove that the owner of the website also owns the private key”

NIP05 on its own (aside from the credibility of the issuing domain) does not “prove” private key ownership.

I love you Mike, but srsly.

Avatar
mike 8mo ago

You are discussing semantics within a proposal which I haven't even bothered mentioning within my explanation.

I love me too 😂

Have a nice day 🫂