Replying to Avatar hodlbod

Unfortunately all the same problems with email apply to push notification servers as well. In order to access auth-protected relays on behalf of a user, you have to be able to sign stuff with their key. Push notifications are by default not encrypted either (although I think you can do e2ee).
Avatar
Dikaios1517 8mo ago

Yeah, I am less concerned about the signing. That can be handled by giving the notifications service a separate bunker token that can be revoked if it tries signing things I don't want it to, or in the case of Pokey, I can just revoke its Android signer permissions.

I am definitely interested in the idea you have about locked permissions that you mentioned in the video.

And if push notifications can be e2ee... Could be a better solution all-around compared to email.

I am just spitballing here... Could any of this be combined with nostr:npub1mutnyacc9uc4t5mmxvpprwsauj5p2qxq95v4a9j0jxl8wnkfvuyque23vg's server-side secure enclaves to enhance the privacy of any of this? Any insight nostr:npub136jg2fnty2z5vwcnh7p4jpckrs3tk0dpueftgs7mznuuaenjpfps6tjnxf?

Reply to this note

Please Login to reply.

Discussion

Avatar
hodlbod 8mo ago

Here's the PR I opened on locked bunker delegation, : https://github.com/nostr-protocol/nips/pull/1795

Avatar
Dikaios1517 8mo ago

Well, you got buy-in from greenart7c3, and Amber is probably the most widely used bunker signer right now, so that's a start!

By the way. I need to get my GitHub account figured out. It has apparently been flagged, so no one can see what I comment or any issues I add... Probably because I signed up using an email alias, rather than my actual email address. Highly annoying.

Avatar
hodlbod 8mo ago

Yeah! Hopefully I can find time to coordinate with nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcqyp6hjpmdntls5n8aa7n7ypzlyjrv0ewch33ml3452wtjx0smhl93j44lmth and get it done. That email thing is annoying 😂