Oddbean new post about | logout
melvincarvalho | 4 months ago (raw) | root | parent | reply | flag 
 Dont need to deprecate.  But I see what you mean, re inconsistent UX.  You can have apps that take advantage of it, and apps that dont.  Ultimately nostr is permissionless dev, so some apps do some things, others do other things.  Client/client standards can only go so far, at some point, when functionality is needed.
jb55 | 4 months ago (raw) | root | parent | reply | flag +1 
 I guess it depends on the proposal, i haven’t seen a convincing one yet
The: Daniel⚡️ | 4 months ago (raw) | root | parent | reply | flag +1 
 How do we solve this for wider adoption?
jb55 | 4 months ago (raw) | root | parent | reply | flag +3 
 We have to decide if logging in with nostr is a desire-able thing to have. The ecosystem seems to be moving to passkeys, i don’t see why we necessarily need npub identities for login. There are many reasons you wouldn’t want that: privacy, etc.
The: Daniel⚡️ | 4 months ago (raw) | root | parent | reply | flag 
 Logging in with nostr was a big plus for me but I’m not a normal use case.
Water Blower | 4 months ago (raw) | root | parent | reply | flag +2 
 What are passkeys?
jb55 | 4 months ago (raw) | root | parent | reply | flag +1 
 https://developer.apple.com/passkeys/

https://developers.google.com/identity/passkeys

https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Water Blower | 4 months ago (raw) | root | parent | reply | flag 
 So a private key is stored locally on device and the corresponding public key is stored in the server.

That’s pretty much just Nostr sign-in.

The only difference is that passkey approach generates a new key for every app. It’s like using a different private key for every nostr client.
Kendy | 4 months ago (raw) | root | parent | reply | flag 
 Sounds like a massive difference. A compromised nsec would be catastrophic.
Water Blower | 4 months ago (raw) | root | parent | reply | flag +1 
 Yes. This discussion has changed my attitude towards Nostr Signin/Connect
The: Daniel⚡️ | 4 months ago (raw) | root | parent | reply | flag +1 
 They’re login tokens that are encrypted on your device and tied to a master identity.
semisol | 4 months ago (raw) | root | parent | reply | flag +2 
 Passkeys are utter trash in implementation but the underlying concept is good

npub login is flawed because it can’t support multi identity and is non-private by design
semisol | 4 months ago (raw) | root | parent | reply | flag 
 And also they don’t use obscure shit like BIP304 signatures so they can be put onto a secure element
frphank | 4 months ago (raw) | root | parent | reply | flag +1 
 All the "hardware wallet" implementations for Bitcoin show that you can make a secure element for BIP340 just fine.
semisol | 4 months ago (raw) | root | parent | reply | flag 
 Specialized SEs != TPMs in computers, SEs in phones, etc
frphank | 4 months ago (raw) | root | parent | reply | flag 
 Ah yes correct.
frphank | 4 months ago (raw) | root | parent | reply | flag +1 
 BIP340 are Schnorr signatures?

From: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf

Section: C.4.3 EC Schnorr

"If a TPM supports ECC, it should support the TPM_ALG_ECSCHNORR scheme."