 it won’t be fully fixable until we make a better NIP-44 that includes kind and source info, because an app can take an encrypted blob and sign a message containing it to make it look like an outbound message, then ask to decrypt it 
 not sure what you mean 
 an approach to limiting decryption access is per kind

but a problem is that you can take an encrypted blob and make it look like something else by putting it in a different kind and with the p tag of the sender to make it appear like it’s an outgoing message + asking the ext to sign

the only solution is indicating the kind and sender in the encrypted blob
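
The binding proposed in the last comment, sketched as an added example (not code from this thread or from any NIP): the event kind and sender pubkey are fed to the cipher as associated data, so a blob moved into an event with a different kind or author fails authentication instead of decrypting. Assumptions: Node's `chacha20-poly1305` stands in for the real NIP-44 construction, and `sealBound`, `openBound`, `signerDecrypt`, the key, the kinds and the pubkeys are hypothetical or constructed.

```javascript
// Added example, not NIP-44: Node's chacha20-poly1305 is a stand-in cipher.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Unambiguous encoding of the context that gets bound to the ciphertext.
function contextBytes(kind, senderPubkey) {
  return Buffer.from(JSON.stringify([kind, senderPubkey]), 'utf8');
}

// Encrypt with kind and sender as associated data (hypothetical helper).
function sealBound(key, kind, senderPubkey, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  c.setAAD(contextBytes(kind, senderPubkey));
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]).toString('base64');
}

// Decrypt using the kind and author of the event actually presented.
function openBound(key, kind, senderPubkey, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // nonce (12) + tag (16) minimum
  const body = raw.subarray(12, raw.length - 16);
  const d = createDecipheriv('chacha20-poly1305', key, raw.subarray(0, 12), { authTagLength: 16 });
  d.setAAD(contextBytes(kind, senderPubkey));
  d.setAuthTag(raw.subarray(raw.length - 16));
  try {
    return Buffer.concat([d.update(body), d.final()]).toString('utf8');
  } catch {
    return null; // context mismatch or tampering
  }
}

// Signer extension: per-kind permission check, then bound decryption.
function signerDecrypt(allowedKinds, key, event) {
  if (!allowedKinds.includes(event.kind)) return null;
  return openBound(key, event.kind, event.pubkey, event.content);
}

function demo() {
  const key = randomBytes(32); // constructed stand-in for the shared key
  const alice = 'a'.repeat(64), bob = 'b'.repeat(64); // constructed pubkeys
  const dm = { kind: 4, pubkey: alice, content: sealBound(key, 4, alice, 'private note') };
  // Same blob placed in an event of another kind and author (constructed values).
  const relabeled = { kind: 30078, pubkey: bob, content: dm.content };
  return {
    honest: signerDecrypt([4], key, dm),
    relabeled: signerDecrypt([30078], key, relabeled),
    wrongSender: openBound(key, 4, bob, dm.content),
  };
}
```

Without the associated data, the per-kind check alone would pass the relabeled event, since the app holds permission for the kind it chose to wrap the blob in.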