nips icon indicating copy to clipboard operation
nips copied to clipboard
verified publisher icon nostr-protocol

NIP-85: Attestation of DNS-based identity providers

Open aidik opened this issue 1 year ago • 4 comments

The impact of NIP-05 identifiers is not as big as it could be. Spammers can spawn an unlimited amount of NIP-05 verified npubs with one or just a few domains. So a simple verified NIP-05 does not add much trust to the network.

This NIP adds a process to chain NIP-05 providers and increases trust similar to how certificates work. Allowing users to select trusted identity providers based on various criteria, e.g. manual verification process, content rules, community standards, etc. thereby bringing the freedom of choice to the user.

Here is a simple implementation on the NIP-05/85 provider side:

NIP-05 verification: https://anarcho.capital/.well-known/nostr.json?name=aida

NIP-85 attestation verification:

  • for individual NIP-05 https://anarcho.capital/.well-known/[email protected]
  • for whole domain https://anarcho.capital/.well-known/nostr.json?attest=anarcho.capital

aidik avatar May 01 '24 20:05 aidik

HI @Semisol, can you be more specific? How would a badge solve the links of trusts proposed here?

Me ----- [ NIP 5 Provider A ] ----- [ NIP 5 Provider B] ----- You

I trust A, You trust B, A and B trust each other therefore we are mutually attested

aidik avatar May 24 '24 14:05 aidik

If the pubkey matches the one given in "names" (as in the example above) that means the association is correct and the client can continue to verify attestations from the "attestators" attribute which contains an object with two optional attributes. One equal to the (<local-part> and <domain>) "nip05" identifier with value consisting of an array of URLs of attestators attesting this individual "nip05" identifier. The second attribute is equal to the <domain> and the value is an array of URLs attesting the whole <domain> of the DNS-based identity provider.

Couple of minor typo fixes

chmac avatar Aug 22 '24 09:08 chmac

NACK

Does anybody trust any nip05 provider wholesale? Is that even the point of nip05? I see this nip as promoting centralization in nip05 providers for no good reason.

The only nip05 identifiers that instill trust in me are one-offs or really tiny ones where I know the user list is hand picked. A verified [email protected] would have my attention (but not necessarily my trust) but once Xitter opens the floodgate and gives each handle a nip05 id, I would not trust them wholesale anymore.

Giszmo avatar Sep 01 '24 20:09 Giszmo

Does anybody trust any nip05 provider wholesale? Is that even the point of nip05? I see this nip as promoting centralization in nip05 providers for no good reason.

No it is not, never has been, never will be.

NIP-05s are an identifier for your npub. That's it.

Semisol avatar Sep 01 '24 20:09 Semisol