Oddbean new post about | logout
 Because Cloudflare sees your traffic in clear, because they terminate your TLS connection. So are the other services or equipment that does that 

I think the point was that service that runs nsecbunker has access to the nsec as is, it doesn’t matter if it’s stored encrypted or not, it’s an easy fix to intercept the key if service wanted to.

Enclave or HSM with the proper and standard encryption key exchange and zero exposure of unencrypted nsec or the key is the only way I see it being trustworthy. 🐶🐾🫡 
 the communications with the bunker are over relays, it's no direct HTTPS connection 🤔
 
 I do not have full visibility into the code at this time, but how does the key gets into the bunker, and how does the passphrase get to nsec bunker to decode the key. I am strictly talking about the initial setup. 🐶🐾🫡 
 over nostr, nip04 encrypted payloads

it doesn't expose any direct APIs because the whole point was to be able to run it behind a firewall without doing any holepunching tricks (other than left-side-of-the-curve "just use nostr" holepunching) 
 Ok, that makes sense. Thanks for clarifying this 🐶🐾🫂🫡