Re: http-schnorr-sig -- HTTP Authentication Using Schnorr Signatures from John O'Hare on 2024-09-19 (public-nostr@w3.org from September 2024)

From: John O'Hare <J.OHare5@salford.ac.uk>
Date: Thu, 19 Sep 2024 18:44:49 +0000
To: "public-nostr@w3.org" <public-nostr@w3.org>
Message-ID: <AM8PR01MB8102BE1BED67121BC014B7A487632@AM8PR01MB8102.eurprd01.prod.exchangelabs>

This is really interesting and good to see, thanks. It all speaks to some cross integration and design issues I have been circling round for a while.

Regarding the potential merging / conflating of NIP 96 and 98, I worry that the simplicity of nostr is such a core feature of the protocol, and this might allow waste / creep / divergence.

Personally, the ability to commit small amounts of data in one go would be a huge boon to me, perhaps reduce some latency in complex exchanges. Is there a way to make them independent but interconnected in such a way that it could form an extension to the auth later if there's a significant demand or usecase?

Thanks,

John


--
Chief Hallucination Officer - Dreamlab<https://narrativegoldmine.com/#/page/introduction%20to%20me>
________________________________
From: Melvin Carvalho <melvincarvalho@gmail.com>
Sent: 19 September 2024 13:56
To: public-nostr@w3.org <public-nostr@w3.org>
Subject: Re: http-schnorr-sig -- HTTP Authentication Using Schnorr Signatures


Hi all,

Thanks for the feedback so far. I've received three pieces of concrete input:

  1.  From the Solid OS team — they've implemented Schnorr signatures for chat, but not login. It would be useful to include the WebID in the auth string, so both the key and WebID can be verified.
  2.  Kieran (co-author of NIP-98) suggested improving the description of how events are signed.
  3.  Brugeman pointed out that "serialized event" is mentioned a few times without specifying the serialization method.

I’ve raised issues for these here:
https://github.com/nostrcg/http-schnorr-auth/issues

Let’s aim to fix these in the next draft, probably this week or early next.
Happy to get more feedback anytime, either publicly or privately.

Best,
Melvin

ne 15. 9. 2024 v 8:19 odesílatel Melvin Carvalho <melvincarvalho@gmail.com<mailto:melvincarvalho@gmail.com>> napsal:
Hi all,

Hope you're doing well.

I've been working on a draft specification titled "HTTP Authentication Using Schnorr Signatures". It explores using Schnorr signatures to authenticate HTTP requests, aiming for a decentralized and secure authentication method that could benefit web applications.

You can check out the draft here:

https://nostrcg.github.io/http-schnorr-auth/

The ongoing discussion on multi-part payloads [1] has not (yet) been addressed.  But this can be added if there is interest.

Would love to hear your thoughts and get some discussion going. Any feedback or suggestions are most welcome.

Looking forward to collaborating with you all on this.

Cheers,

Melvin

[1] https://lists.w3.org/Archives/Public/public-nostr/2024Aug/0000.html

Received on Thursday, 19 September 2024 18:58:45 UTC