 What if we start sending nostr: URIs in the end of our emails with a signed copy of the message and a little extension verifies the Nostr signature in the email and replaces the unsecured email text with the signed one without even pinging any relay? 🤔 
 I feel like solving email privacy (with existing legacy SMTP etc) is far more important than solving an authenticity problem.  
 true, but maybe this starts the process of adding privacy to emails since you can also attach an encrypted Nostr DM to it.  
 I think metadata privacy is as or more important than content privacy. An email containing the text "whats up bro" is far less useful than knowing I sent literally anything to a person of interest. That said, I still think PGP does a good job here and should not be dismissed. That said, if NIST and other orgs refuse to accept secp256k1, governments and businesses will refuse to implement it to comply with regulations. 

Nostr doesn't need to be the hammer looking for nails. 

If we're talking linking nostr identities to private communication, we need to consider ditching email entirely, which I think is EASILY SOLVED WITH NOSTR. Let email play in the corner and be dumb and insecure because Google controls 90%+ of it and we move on.  
 I don't know your PGP key. I know your Nostr key. 

PGP is cool, but there is no social network for users to trust keys.  
 My PGP is far more available to the general public (internet) when looking for it than my npub 
 :110percent: that last point  
 Could work. Extensions for which browser? 
 all of them 
 Sounds intriguing. A good alternative method for signature verification. You wanna build it. I'll help you test it. I'm on Linux and android.  
 We could also tweet on X in this way. Since they don't provide any security, we can solve it ourselves.
nostr:nevent1qqstmvhvyl5stxg2t4zkw3f4cne6pl2wggqau2fhd5c6qns4wct74dspzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tczyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cqcyqqqqqqg6jjzyg 
 Isn’t that basically PGP with extra steps? 
 Yep, but with your trusted Nostr keys.  
 We could add a PGP key to our profile events and use the existing tools to add signatures. Verification would still need to be solved though.

We could also simply schnorr sign a hash of the email with our nsecs

Or we don’t email and use NIP17 instead 😁 
 PGP for the masses. 
 I heard some people used PGP/GPG for that 
 😂 
 They didn't have a social network to check the key.  :)  
 Yes 
 I'm bullish on using nostr for what PGP tried to be 

nostr:nevent1qqstmvhvyl5stxg2t4zkw3f4cne6pl2wggqau2fhd5c6qns4wct74dspz9mhxue69uhkummnw3ezuamfdejj7q3qgcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqxpqqqqqqzfsm8vk 
 #YESTR 

Also, what's the feasibility of building a NOSTR email thin client / browser extension that encrypts the email if it's sending it to a known npub?

i.e. My email, NIP-05 and LND address are the same: mike@mikehardcastle.com  
 Super easy. 
 👀 💜 
 nostr:nprofile1qqsdu74x8vw8aqylv6n8hhxjh4xf22sfe4fwuq0d0ke435ym4ktlssqpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qzxthwden5te0wfjkccte9eeks6t5vehhycm99ehkuegprpmhxue69uhkummnw3ezucm0d9hxvatwvshxzursdn707c we could potentially do a quick injection of this into the Proton systems. Just letting each user account add an npub if they want; and have the current proton mail checks begin verifying this.

It could set a new standard if done as open source as possible.

Combining forces of PGP & nostr signatures, for security and easy ID verification check!