What is Nostr?
altf4
npub1jrw…0k6c
2024-06-01 06:54:48

altf4 on Nostr: was recently thinking about how Signal very quietly rolled out a WoT feature when ...

was recently thinking about how Signal very quietly rolled out a WoT feature when they introduced usernames...
I used to maintain the OpenPGP.js library (used in ProtonMail) and I don’t use PGP. And Phil Zimmerman doesn’t use PGP because he prefers Apple Mail on his iPhone.

I always ask myself: what’s the point of asking users to download a PGP public key to verify a binary they download from the same website. Users aren’t getting more integrity assurances over what SSL already offers them, since most have no idea how to use WoT.

It’s different with nostr... every user has a WoT that they can manage (with decent enough UX) and it already gives them value outside of verifying binaries. So I’d love to see an easy-to-use “nostr-verify” unix program that you pass your npub that *just works*. Anyone that wants to attest a given binary can upload their signatures to their relays. Then the “nostr-verify” program just pulls these sigs from my relays to verify the binary. Does this exist? note1qqq…yz8d
Author Public Key
npub1jrw2spt0yra4cquxky7e5y0aph4aqunf82tzwnxaxwzsncgz26hsfk0k6c