 I heard you like ecash, so we used ecash to secure ecash mints.

Blind authentication will allow mint operators to restrict the use of their mint to only registered users, while still providing them great privacy. 

This is one of the most-requested features for Cashu.

 https://m.primal.net/Mibx.png 

The spec is now open for discussion: https://github.com/cashubtc/nuts/pull/198 
 > users with registered accounts

What is an account here? It's not an npub, right?  
 Can be anything that supports OpenID Connect, so nostr auth could work too (if someone would build it). 
 Very well! 
 We could use nostr as an OIDC provider? 
 Yessssss please 
 👀👀 
 How does one become a “registered user”? 
 OpenID Connect 
 KYC AML mints coming soon™️ 
 Most definitely, but your ecash txs within that mint are still private. I'm not sure if there's much/any privacy when making LN payments in and out of the mint. 
 Interesting 
 Pretty much the same as before. Mint can't rug individually, doesn't know your balance, can't stop transactions etc. Any mint can shotgun KYC its users though. 
 What stops a mint from stealing all the funds? 
 you need to use a real blockchain for that. they're down the hall and to the left.  
 LFG 
 Sounds like it’d work nice with nostr 
 Hello, I want to make a translation for the cashu.me wallet. Where can I do this? 
 What's JWT and JWS?
should probably be defined in the nut 
 Java Web Tokens? 🤮 
 James Web Telescope? 👀 
 lfg 
 There is Authentication and there is authorization. Does this scheme limit access to some "class" of users without knowing their identities? If it does, how do you gain access without the openid provider knowing their identity?  
 I don't think this does what you want it to do, or am I missing something?

Mallory creates CAT.
Mallory presents CAT and mints BATs.
Mallory sends BAT to Eve.
Eve presents BAT in her request for protected endpoint.

Mallory and Eve cannot rely on the mint to enforce double spending protections, but they can still copy and paste the BAT. 
 Yes I'm well aware of that and that there's likely no way to prevent that so we made it a feature: Eve can receive a token from Mallory's mint if it includes a BAT, which she can use to melt the token. 
 As I understood openid, there needs to be a call back from the open id service to the application - the mint in our case. We should look into how much of a leak this is. Also, please correct me if I am wrong about the call back from open id service provider to the application. 
 We should explore decentralised identity here instead. https://www.w3.org/TR/did-core/

OpenID providers are centralised ID providers who devour any data we send to them. Let's try to avoid doing that.

Unless, again, I am missing something. 
 Feel free to open a PR 
 Just to clarify what I meant: you can definitely help by coding up what you mean. We discussed DIDs a long time ago but nobody has stepped up and done the work.

We don't bikeshed hypotheticals and we don't merge specs that aren't implemented in code. 
 We can log in with a lightning wallet, can we do that here too? 
 OpenID Connect works with any conceivable login method 
 Remember all the people who reposted or liked this note because they are clowns who support KYC and censorship.

nostr:nevent1qqspahrwgafx78vxetqu09e4egx46ty00zx2a6pxx0ms4c24vmxzmjgpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczypgdjn7zmpvqc6ptqud9gtutrcc6yq9s2z96h9dr80hss4wl9qwkxqcyqqqqqqgz0gd0h 
 Why not something like a ring signature or equivalent ZK proof? 
 A ring signature would be easily censorable 
 Also, it's not a problem that BATs can be transferred. Just do it, we encourage doing it. 
 (BATs also have a bigger anon set) 
 What are the benefits to restrict usage of the mint? Maybe an example, because I don't see who benefits. Thanks! 👍 
 Corporations and governments will benefit from it. 
 https://image.nostr.build/937e849cdda268e8bb1a356b22299229357a1826192f6c4626e97d7aa69f92fc.jpg 
 Nice KYC'ed privacy with ecash? I'm confused 
 Imagine this:

- you want to provide LN/ecash services to your family and friends
- you don't want to know who is doing what payments, to offer them better privacy
- you end up running an ecash mint
- you don't want any rando to be able to use/abuse your mint
- you need auth (preferably blinded)

Also know this:
- It's an optional spec
- No one is forced to add auth to their mint
- you are not forced to use a mint that implements auth

Auth has a lot of drawbacks for ecash mints, but in some cases it is an absolute requirement 
 If governments and corps will use ecash, I will be thrilled. It's better than the other shit they are trying to force on us anyway.

It won't affect me much, since I will try to avoid their stuff as much as I can, but at least it would be an improvement for the fiat pleb 
 Corporations (custodians) will use it to get more users and it's an attack on self custody. A disrespect for the developers trying to improve self custody.

Governments will use it to target other mints that do not comply. 

Even if optional, providing a tool built in the protocol shows the intent. It is possible for a pool initiator in to add such requirements for others who join the pool but they won't be part of joinstr protocol as it's not defined in the protocol.

This also makes it easier to censor users and collect information that affects their privacy. 
 nostr:nprofile1qqsvfdfkn2wmy73wr0yhkf065jrzm8705ar4q6clyuhc7jekhqfdh4spypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uq3samnwvaz7tmjv4kxz7fwdehhxarjd93kstnyv5hs9565hr like signal but for your bank account  
 imagine signal but for your bank account