- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 17 Aug 2025 20:12:54 +0200
- To: "John O'Hare" <J.OHare5@salford.ac.uk>
- Cc: "public-nostr@w3.org" <public-nostr@w3.org>
- Message-ID: <CAKaEYh+RrXBsLFC9Q2r4HpGRucdZwdN7qpNsyEJ1yoXv-gmUpw@mail.gmail.com>
čt 19. 9. 2024 v 20:59 odesílatel John O'Hare <J.OHare5@salford.ac.uk> napsal: > This is really interesting and good to see, thanks. It all speaks to some > cross integration and design issues I have been circling round for a while. > > Regarding the potential merging / conflating of NIP 96 and 98, I worry > that the simplicity of nostr is such a core feature of the protocol, and > this might allow waste / creep / divergence. > > Personally, the ability to commit small amounts of data in one go would be > a huge boon to me, perhaps reduce some latency in complex exchanges. Is > there a way to make them independent but interconnected in such a way that > it could form an extension to the auth later if there's a significant > demand or usecase? > I've done a round of improvements on http-schnorr-auth, including an explanation of did:integration, implementation guidance and a mention of Solid. It's starting to look in much better shape now. https://nostrcg.github.io/http-schnorr-auth/ It's basically NIP-98 in the W3C context. > > Thanks, > > John > > > -- > Chief Hallucination Officer - Dreamlab > <https://narrativegoldmine.com/#/page/introduction%20to%20me> > ------------------------------ > *From:* Melvin Carvalho <melvincarvalho@gmail.com> > *Sent:* 19 September 2024 13:56 > *To:* public-nostr@w3.org <public-nostr@w3.org> > *Subject:* Re: http-schnorr-sig -- HTTP Authentication Using Schnorr > Signatures > > > Hi all, > > Thanks for the feedback so far. I've received three pieces of concrete > input: > > 1. From the Solid OS team — they've implemented Schnorr signatures for > chat, but not login. It would be useful to include the WebID in the auth > string, so both the key and WebID can be verified. > 2. Kieran (co-author of NIP-98) suggested improving the description of > how events are signed. > 3. Brugeman pointed out that "serialized event" is mentioned a few > times without specifying the serialization method. > > I’ve raised issues for these here: > https://github.com/nostrcg/http-schnorr-auth/issues > > Let’s aim to fix these in the next draft, probably this week or early next. > Happy to get more feedback anytime, either publicly or privately. > > Best, > Melvin > > ne 15. 9. 2024 v 8:19 odesílatel Melvin Carvalho <melvincarvalho@gmail.com> > napsal: > > Hi all, > > Hope you're doing well. > > I've been working on a draft specification titled "HTTP Authentication > Using Schnorr Signatures". It explores using Schnorr signatures to > authenticate HTTP requests, aiming for a decentralized and secure > authentication method that could benefit web applications. > > You can check out the draft here: > > https://nostrcg.github.io/http-schnorr-auth/ > > The ongoing discussion on multi-part payloads [1] has not (yet) been > addressed. But this can be added if there is interest. > > Would love to hear your thoughts and get some discussion going. Any > feedback or suggestions are most welcome. > > Looking forward to collaborating with you all on this. > > Cheers, > > Melvin > > [1] https://lists.w3.org/Archives/Public/public-nostr/2024Aug/0000.html > >
Received on Sunday, 17 August 2025 18:13:11 UTC