PABLOF7z @PABLOF7z - 1y
on the second flight I finished writing the implementation (and modifications to NIP-46) to make the following possible:
1. Alice goes to App A (e.g. Coracle) -- she clicks "create account" and gets a NIP-05 "[email protected]". She uses Coracle as she normally would.
2. Alice goes to App B (e.g. Primal) -- she clicks "login" and types in "[email protected]". A popup comes up and asks Alice if she wants to authorize this application to access her account. In an advanced setting she can scope down what the application can do (e.g. only create short notes but don't change the profile data).
At no point is there any mention of nsec, npub, keys, NIP-07, nsecbunker. Nothing. It just works.
cc nostr:npub1r0rs5q2gk0e3dk3nlc7gnu378ec6cnlenqp8a3cjhyzu6f8k5sgs4sq9ac nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240
3bf0c - 1y
Did you just fix Nostr?
arkinox @arkinox - 1y
nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn
I'm new to nostr...
tanel - 1y
Pablo’s special ability: Coding during a flight
sourcenode @sourcenode - 1y
Pablo you are a machine 🫂💜🫂💜🫂💜
Karnage @Karnage - 1y
😮 🤯
It doesn’t silo them. Maybe watch nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240 fantastic keynote to get context on why this type of flow is important.
Cleaning up code 😅 It’s a short flight.
Owen @Owen - 1y
I’m reluctant to say this in a thread of nostr big brains but… If everyone adopted this aren’t we then relying too much on ICANN … and doesn’t that become a bit of a weak point in terms of censorship?
NIP-46 and each app gets its own local key. The first app that generates the user’s key gets auto approved, subsequent ones need user approval. When the user wants to offboard from whoever is running the nsecBunker backend they can NIP-41 rotate the key away if the nsecBunker becomes malicious. The cool thing is that downloading a “recovery kit” is already a very normal flow from apps that have important data; and this could provide a “Recovery kit” that includes everything the user needs, including a NIP-41 identity migration scheme. This work was largely inspired by nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240’s talk (I watched it on the flight): we need nostr for normies. https://youtu.be/9pGZ2epF8ZY?feature=shared
Nah, we can easily move to a different namespace if that becomes anywhere near problematic. This isn’t relying on anything special, it’s just that “copy an npub” is more scary than “this is your nostr username”.
Vitor Pamplona @Vitor Pamplona - 1y
Looks like DIDs. :)
The: Daniel⚡️ @The: Daniel⚡️ - 1y
I’m just pretending to understand what was written here.
Gotcha! Thanks for the explanation
We may need to explain that this login works on other apps. Or call it a unified credentials or something. Not sure exactly what that would look like yet.
I just skip over the NIP numbers as it won’t resonate anyway, without actually knowing them https://i.nostr.build/2A5d.jpg
We’ve come full circle ⭕️
semisol @Semisol - 1y
sure the setup process just works but now they need to keep coracle open as long as they want to use anything
also, fatigue attacks
maybe have Coracle have a separate authenticator app with pop-ups, doesn’t take up as many resources in the background
imo key rotation is not an excuse to make user keys even more vulnerable. NIP-07 should be the only way to create an account on web browsers.
Normal people don’t do extensions this way; it’s too high a bar
With new technology you have to adapt, and hiding this from the user won’t be possible forever. With Bitcoin payments are irreversible. With Nostr you need to install an extension to secure your key.
Remember, the more friction, the more churn. “Install this thing in your browser” is a VERY weird UX people are not used to. Add to it relays, interoperability, and a bunch of bitcoiners yelling at you and you shut off a large chunk of potential users. And remember, in both cases you are trusting the third party (nsecBunker operator or NIP-07 implementation) is not malicious.
Local code is more verifiable than remote code