 What if clients didn't actually deal with signing and publishing your notes?
What if a client could operate in a mode where it just produced the event template, and you scanned it as a QR code on your phone (which holds your nsec) and then your phone published the signed note?
A bit like a PSBT but for a nostr note.  
 The phone client just knows how to sign + publish notes. You could manage multiple keys there. 

Could be used to prove identity as well. A site can just present you with a challenge, and you sign the note on your phone and send it to a relay or API endpoint. 

Rather than an OAuth-like flow (OAuth is clunky), it's more of a 2FA flow. 

Relying on browser extensions to handle nsec is a terrible experience.  
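
The challenge flow described above, sketched from the site's side as an added example (not code from the thread or from any nostr project): it builds the unsigned template for the QR code and checks the signed event that comes back. The kind number, the `origin` and `challenge` tag names, the function names and the injected `verify_sig` callback are assumptions made for illustration.

```python
import hashlib, json, time

AUTH_KIND = 22242   # assumption: kind number picked for this sketch
MAX_AGE = 120       # assumption: seconds a challenge stays acceptable

def event_id(ev):
    """NIP-01 event id: sha256 of the compact JSON array, as hex."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def make_template(origin, challenge, now=None):
    """Site side: unsigned template to show as a QR code (no pubkey, id or sig)."""
    return {"kind": AUTH_KIND, "created_at": int(now or time.time()),
            "tags": [["origin", origin], ["challenge", challenge]], "content": ""}

def check_signed(ev, origin, challenge, verify_sig, now=None):
    """Site side: validate the event the phone sent back. Returns (ok, reason).

    verify_sig(pubkey_hex, id_hex, sig_hex) -> bool must be a real BIP-340
    Schnorr verifier from a secp256k1 library; it is a required argument.
    """
    now = int(now or time.time())
    need = ("pubkey", "created_at", "kind", "tags", "content", "id", "sig")
    if not isinstance(ev, dict) or any(k not in ev for k in need):
        return False, "missing field"
    if not isinstance(ev["created_at"], int) or not isinstance(ev["tags"], list):
        return False, "malformed"
    tags = {t[0]: t[1] for t in ev["tags"]
            if isinstance(t, list) and len(t) >= 2 and isinstance(t[0], str)}
    if ev["kind"] != AUTH_KIND:
        return False, "wrong kind"
    if tags.get("challenge") != challenge:   # binds the event to this login attempt
        return False, "challenge mismatch"
    if tags.get("origin") != origin:         # a challenge relayed by another site fails
        return False, "origin mismatch"
    if abs(now - ev["created_at"]) > MAX_AGE:
        return False, "stale"
    if ev["id"] != event_id(ev):             # never trust the id field as sent
        return False, "id does not match contents"
    if not verify_sig(ev["pubkey"], ev["id"], ev["sig"]):
        return False, "bad signature"
    return True, "ok"
```

The site would generate each challenge with a CSPRNG (for example `secrets.token_hex(16)`) and discard it after the first accepted event, so a captured event cannot be replayed.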
 You don't have to rely on an extension any more - there is a remote key access protocol, NIP-46; try nsec.app as one implementation.
There is the Amber offline signer for Android; not sure if it plans/supports QR codes, though. 
 Yeah, seems like Amber is what I'm thinking. NIP-46 seems needlessly complicated though. You can do so much with it, but the up-front setup cost of something like an nsec bunker for the average person is a lot.  
 No upfront costs with nsec.app