Tim Bouma on Nostr: This is for the authentication geeks out there. In building #nostr #safebox I decided ...
This is for the authentication geeks out there.
In building #nostr #safebox I decided to create my own authentication protocol that takes advantage of properties unique to nostr.
What's cool about it, is that the protocol is completely symmetrical as far as the actors - it doesn't matter who the initiator or responder is, they are interchangeable. For example, one party might have a camera for scanning a QR code, the other, not. In developing this, I've created a bech32 encoded entity, called nAuth that us negotiated between the parties and is totally useless to other parties due to nonces, etc.
Still in development but working. As for QR codes, they are nothing special - just an out-of-band communication mechanism to initiate the protocol.
Hand sketch below.
In building #nostr #safebox I decided to create my own authentication protocol that takes advantage of properties unique to nostr.
What's cool about it, is that the protocol is completely symmetrical as far as the actors - it doesn't matter who the initiator or responder is, they are interchangeable. For example, one party might have a camera for scanning a QR code, the other, not. In developing this, I've created a bech32 encoded entity, called nAuth that us negotiated between the parties and is totally useless to other parties due to nonces, etc.
Still in development but working. As for QR codes, they are nothing special - just an out-of-band communication mechanism to initiate the protocol.
Hand sketch below.