dtonon on Nostr: How can they tied someone else pubkey to their name? NIP-05 includes the pubkey, the ...
How can they tied someone else pubkey to their name?
NIP-05 includes the pubkey, the client verify that it matches with the pubkey of the (signed) kind:0 profile where the NIP-05 is saved, that's all.
Signing the NIP-05 doesn't improve this process.
Actually, signing NIP-05 could prevent someone, after hacking the server, from modifying NIP-05 itself. But it is a borderline case, adds a layer of complexity, and seems unnecessary for a simple identification tool.
NIP-05 includes the pubkey, the client verify that it matches with the pubkey of the (signed) kind:0 profile where the NIP-05 is saved, that's all.
Signing the NIP-05 doesn't improve this process.
Actually, signing NIP-05 could prevent someone, after hacking the server, from modifying NIP-05 itself. But it is a borderline case, adds a layer of complexity, and seems unnecessary for a simple identification tool.