Oddbean new post about login | logout If the initializing bunker is malicious then the nip41 rotation can't be trusted either? Also where is the popup? Does every app that enrolls new users also need a keyring interface?
yeah, correct. But a malicious bunker would flag itself as malicious very easily. The popup is of the nsecBunker operator the user is using. It requires almost nothing more than supporting NIP-46, just a couple very simple modifications to the current spec.