 An interesting revelation I had when talking to nostr:nprofile1qqsglv2qkn5dmmuhee9cy8fywfu2rfp4xd3xy0myqg2gfvmjl9yqqrqppamhxue69uhk2tnwdaejumr0dsq3qamnwvaz7tmwdaehgu3wd3skueqpz3mhxue69uhhyetvv9ujuerpd46hxtnfduekf372 about nostr.build's new OTP using NIP-17 Giftwrapped DMs: 

The OTP code is sent to the user only. The sender/server doesn't store a copy of the code. That is impossible to do on NIP-04. 

If you send OTP via NIP-04, whoever has access to the sender's key can decrypt and see all the codes. If you use NIP-17 DMs, the code is sent to the user and deleted from everything else. 
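
The key relationship described in the post above, as an added example that is not part of the original thread or nostr.build's code: a NIP-04 message key comes from ECDH between the sender's and recipient's long-term keys, so either private key recovers it, while a gift wrap's outer layer is keyed by a one-time key the sender does not keep. Only that outer layer is modeled; the SHA-256 KDF, the XOR+HMAC cipher, all function names and the OTP value are stand-ins constructed for illustration.

```python
# Added illustration: toy, non-constant-time secp256k1 ECDH with a stand-in cipher.
import hashlib, hmac, secrets

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # point at infinity
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):
    out = None
    while k:
        out, pt, k = (add(out, pt) if k & 1 else out), add(pt, pt), k >> 1
    return out

def keypair():
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def shared_key(priv, pub):                            # ECDH x-coordinate -> key
    return hashlib.sha256(mul(priv, pub)[0].to_bytes(32, "big")).digest()

def seal(key, msg):                                   # toy encrypt-then-MAC, <= 32 bytes
    ct = bytes(m ^ k for m, k in zip(msg, hashlib.sha256(key + b"enc").digest()))
    return hmac.new(key, ct, "sha256").digest() + ct

def unseal(key, blob):                                # None when the key is wrong
    pt = seal(key, blob[32:])[32:]                    # XOR keystream is its own inverse
    return pt if hmac.compare_digest(seal(key, pt), blob) else None

def who_can_read(otp=b"493817"):                      # constructed sample OTP
    srv_d, srv_pub = keypair()                        # sender's long-term key
    usr_d, usr_pub = keypair()                        # recipient's key
    eph_d, eph_pub = keypair()                        # one-time wrapper key, never stored
    nip04 = seal(shared_key(srv_d, usr_pub), otp)     # keyed by the sender identity
    wrap = seal(shared_key(eph_d, usr_pub), otp)      # keyed by the ephemeral key
    return {"nip04/user": unseal(shared_key(usr_d, srv_pub), nip04),
            "nip04/sender-key": unseal(shared_key(srv_d, usr_pub), nip04),
            "wrap/user": unseal(shared_key(usr_d, eph_pub), wrap),
            "wrap/sender-key": unseal(shared_key(srv_d, usr_pub), wrap)}
```

The `wrap/sender-key` entry comes back as `None`: once the one-time key is gone, the sender's long-term key no longer opens the wrapped message, whereas both `nip04/*` entries return the code.
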
 The nip04 disrespecting campaign is working 😈 
 Yeah, get rid of that shit 04 😂😂😂🤣🫂 (“Why are we disliking nip04 so much” - me a day ago) 
 at first you growl at me 🐶🐾 
 Realized this while working on adding support for it; super awesome DM payment security! 
 I’ve added NIP40 expiration to the wrapper event but it doesn’t seem to be respected by the relay or server. Would be cool if all relays supported nip40 for all of the event kinds.