I don't understand why NIP-05 isn't signed:
https://github.com/nostr-protocol/nips/blob/master/05.md
"""
Identification, not verification
The NIP-05 is not intended to verify a user, but only to identify them, for the purpose of facilitating the exchange of a contact or their search.
"""
but we could easily add a signature field, otherwise the profile process is less secure than the signed-event model. Unless I missed something?
Interesting! How would that work in detail? Place a signature in the JSON of the NIP-05 server?
NIP-05 should be use to identify an user, not to verify it. A signed NIP-05 would be rendundant.