- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Thu, 19 Sep 2024 14:56:01 +0200
- To: public-nostr@w3.org
- Message-ID: <CAKaEYhJQLYfwvHPpkN8ctdaWnSR2QsnpZKboHsNUv8fe9YtrFw@mail.gmail.com>
Hi all, Thanks for the feedback so far. I've received three pieces of concrete input: 1. From the Solid OS team — they've implemented Schnorr signatures for chat, but not login. It would be useful to include the WebID in the auth string, so both the key and WebID can be verified. 2. Kieran (co-author of NIP-98) suggested improving the description of how events are signed. 3. Brugeman pointed out that "serialized event" is mentioned a few times without specifying the serialization method. I’ve raised issues for these here: https://github.com/nostrcg/http-schnorr-auth/issues Let’s aim to fix these in the next draft, probably this week or early next. Happy to get more feedback anytime, either publicly or privately. Best, Melvin ne 15. 9. 2024 v 8:19 odesílatel Melvin Carvalho <melvincarvalho@gmail.com> napsal: > Hi all, > > Hope you're doing well. > > I've been working on a draft specification titled "HTTP Authentication > Using Schnorr Signatures". It explores using Schnorr signatures to > authenticate HTTP requests, aiming for a decentralized and secure > authentication method that could benefit web applications. > > You can check out the draft here: > > https://nostrcg.github.io/http-schnorr-auth/ > > The ongoing discussion on multi-part payloads [1] has not (yet) been > addressed. But this can be added if there is interest. > > Would love to hear your thoughts and get some discussion going. Any > feedback or suggestions are most welcome. > > Looking forward to collaborating with you all on this. > > Cheers, > > Melvin > > [1] https://lists.w3.org/Archives/Public/public-nostr/2024Aug/0000.html >
Received on Thursday, 19 September 2024 12:56:18 UTC