Yarr! Yesterday was demo day here at SEC-01 and I presented my proposal for identity management in nostr. In it I introduce some new concepts for identity management such as secure identities and simple identities, master keypair and subkeys (this will allow cold storage).
This was a research exercise in which I studied the previous proposals that have been presented and how gpg (a battle-tested protocol) achieves its robustness. I've based it mainly on nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft proposal, extending it and trying to take the best of all of them and make something that makes sense for nostr, prioritising simplicity and backwards compatibility.
Please take a moment to read the proposal and share your ideas/criticism. This is something super important for nostr, as having a more robust identity system will better preserve the value that content creators, companies and users in general can create, and ultimately give us a richer and more valuable network where everyone can maintain the value, reputation and web of trust that it creates.
https://github.com/nostr-protocol/nips/pull/1032
#sovEng
GM
Nostr needs this!
nostr:note1u5ez7rxjxmkxr5e09e0qmayzz5fantsqd4lqx5uayw05rzk68jus2tk3kr
Fascinating conversation about software integrity verification on the latest bitcoin.review pod
There is a huge issue with phishing specifically with apps like nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2's Sparrow Wallet.
nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx suggested adding a known set of hashes in a trusted place and enforcing TOFU (trust on first use: all versions have the same signer) to Sparrow which would help mitigate attacks during updates.
Shout out to nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft for bringing up zap.store in the conversation! I'm building it to fix this exact problem: verifying packages stored anywhere using webs of trust. Trust is inherently social so the nostr social graph is a perfect fit.
And agree with nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 that current app stores do serve a purpose, curation and reputation will always be important, but having a free market for it is just as important.
For those interested I wrote about this topic at length: https://stacker.news/items/404908
This product is using NIP-94 (and another NIP coming up soon) for the distribution and verification of artifacts
Android enforces TOFU and pinning at the OS level (APKs are signed); PWAs have none of this. Installing them via zap.store can emulate these features (same signature for updates, prevent downgrading).
Yes, Pablo mentioned it
Yessir! Sorry it looks like shit 😆 until I apply your knowledge
Lmao
I appreciate having these angry cats on nostr
nostr:note1yukrvc2fezfm055j77ww6l8t5s5ha5pfa8a624d20drpxmntdvhsxphayz
I think Alby can hold multiple identities, but that's not a password manager.
Not necessarily, one can use BIP-85
One password != one identity
I think it's wrong to assume he means "one identity for everything"
What stops you from generating a new keypair just for nostr.build? Or use key derivation to get a new identity?
Anyway people use password managers because they want to have all their passwords backed up and organized under one password
Peer review everything #OnlyOnNostr
https://cdn.satellite.earth/770e6cb2bdde83e8f885cd10a3c7489fe04004be0e10aaa07dcaa664433abc03.mov
lmao why isn't it lgbt friendly?
lol zuby too?
I agree, relays should offer a regular HTTP API as well
Alright. I certainly do not use Telegram and I think the objection is reasonable.
👏
I have mixed feelings about Keet. Is it open source yet? It doesn't make sense to run closed-source software for this kind of thing.
Final #COLDCARD Q tease before shipping.
None of the clients could take the 120mb vid upload 😅
Bird https://x.com/coldcardwallet/status/1755639690357510485
Beautiful!
Where do I insert the SIM card?
Not while I bootstrap it but later on definitely
What do you specialize in?