auggie on Nostr: Yes, but how is it the signing done? Via network comms right? So if the signer ...
Yes, but how is it the signing done? Via network comms right? So if the signer requires network access to work, then the dev pushes malicious code to publish the nsec, there's nothing you can do about it. Whereas nip 55 I can box up the signer with 0 network access so even if malicious code is pushed, it can't be transmitted.
Published at
2025-01-16 16:03:11Event JSON
{
"id": "633cbbb7a240ffc52bce585ad7ec0ed9b3b31b21b3d842cff42b6f1f0aa625de",
"pubkey": "d70d50091504b992d1838822af245d5f6b3a16b82d917acb7924cef61ed4acee",
"created_at": 1737043391,
"kind": 1,
"tags": [
[
"e",
"266efc3fc7c4f838d5ea5447e7b765c72e28f3e5558323d65ff079a78fe1bf27",
"",
"root"
],
[
"e",
"61d13322207bbe9fd9168b873646331c9f363f6324576a6c68712db19973fbf4"
],
[
"e",
"51c1d01670c6f5da469e528c1867df2ee2e8ae2e874705399893a9f1f08547ae",
"",
"reply"
],
[
"p",
"d70d50091504b992d1838822af245d5f6b3a16b82d917acb7924cef61ed4acee"
],
[
"p",
"bbf923aa9246065f88c40c7d9bf61cccc0ff3fcff065a8cb2ff4cfbb62088f1e"
]
],
"content": "Yes, but how is it the signing done? Via network comms right? So if the signer requires network access to work, then the dev pushes malicious code to publish the nsec, there's nothing you can do about it. Whereas nip 55 I can box up the signer with 0 network access so even if malicious code is pushed, it can't be transmitted. ",
"sig": "82a1a0fbb9a99bb52c3a0e8c60947146a36d170bff5b068fc607202d8051eead1aa2a91348d4a7b7f791093f0875666d4eff6e00b4ce3f1212667473eedd3b29"
}
