matt on Nostr: TLS you cannot provide a proof for (it’s asymmetric in the cert but used to derive ...
TLS you cannot provide a proof for (it’s asymmetric in the cert but used to derive symmetric keys, so you can forge a transcript). DNS is not, so like you say you can avoid all the complexity, and a totally untrusted device can provide a proof to a totally offline device (eg a hardware wallet).
Published at
2024-02-08 23:09:10Event JSON
{
"id": "09ccec35e1a544c904439350045661f4a401e0078beeffcd8c4b2d01f6ef2490",
"pubkey": "3d2e51508699f98f0f2bdbe7a45b673c687fe6420f466dc296d90b908d51d594",
"created_at": 1707433750,
"kind": 1,
"tags": [
[
"e",
"690976e5bd49069c86ff962ca0eab9fee23de0cc276711ceaa9faa240841dc45"
],
[
"e",
"eb027e821baddde3950c12f686fb8a416a5972b2b70650fee694117a810c6cb7"
],
[
"p",
"0d97beae567fcec9c6574f1c6ef6126ea969d4992c3198e51c0fac52c5274a14"
],
[
"p",
"0d97beae567fcec9c6574f1c6ef6126ea969d4992c3198e51c0fac52c5274a14"
]
],
"content": "TLS you cannot provide a proof for (it’s asymmetric in the cert but used to derive symmetric keys, so you can forge a transcript). DNS is not, so like you say you can avoid all the complexity, and a totally untrusted device can provide a proof to a totally offline device (eg a hardware wallet).",
"sig": "daa4edb4cc674d2e070d9dd146fce2facb4d42db686f68b24d64cf0720c0f3f2f93ed12099cd9b3d2f05d38d99b98c720751826d0e68f19f12f6e9ce5ca1fe9f"
}