Re: Nostr Subkeys from Melvin Carvalho on 2025-02-27 (public-nostr@w3.org from February 2025)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 27 Feb 2025 12:24:43 +0100
To: Maximillian George <maximillian.george@gmail.com>
Cc: public-nostr@w3.org
Message-ID: <CAKaEYhLUx5tqwneBxCuq9KuiQ980sW1txthBpuaxtuj-y15h8Q@mail.gmail.com>
čt 27. 2. 2025 v 11:13 odesílatel Maximillian George <
maximillian.george@gmail.com> napsal:

> Ha! Small world indeed, sorry for preaching to the choir. You’re much more
> well versed in this than I am.
>
> I can agree that within the confines of Nostr that a DID doesn’t provide
> much that cannot be achieved already with existing event kinds. But if DID
> takes off and becomes it’s own ecosystem it would be useful to be able
> interact with it via a Nostr client. I’m particularly interested in
> Verifiable Credentials (https://www.w3.org/TR/vc-data-model-2.0/), which
> builds on the idea of DIDs. Somethin akin to GPG (key delegation,
> web-of-trust) is also very interesting and useful.
>
> The reason I'm hyped about DID/VC is that we are going to need something
> like this soon, in the approaching AI deepfake/phishing hellscape. Having
> an open and unpermissioned standard for authenticity proofs and
> web-of-trust, that can carry over between platforms, would be pretty cool.
>
> I would be happy to take a stab at writing/helping out, although I’m a bit
> of an imposter here. I’m a self-taught coder with no formal CS background
> and have no idea how these processes work. I’m just interested in this
> stuff :)
>
I think you’re absolutely right!

I started with the DID method because it’d be great to have a bridge to
that set of standards—and the various extensions. Block actually explored
this path with their “Web5” effort but later discontinued it.  See:

(For a quick look at where that went: https://areweweb5yet.com/)

I’d love some help on the method if you’re up for reviewing or contributing:

https://github.com/nostr-labs/did-nostr/
<https://github.com/nostr-labs/did-nostr/tree/gh-pages>

We could also take this on as a CG work item, if no one objects, and see
what the DID folks think. I don’t think there’s a ton of work left to do.

Cheers,
Melvin


>
> Talk soon,
> Max
> On 26 Feb 2025 at 19:54 +0100, Melvin Carvalho <melvincarvalho@gmail.com>,
> wrote:
>
>
>
> st 26. 2. 2025 v 17:43 odesílatel Maximillian George <
> maximillian.george@gmail.com> napsal:
>
>> Hey Melvin, and everyone else.
>>
>> I’ve also been thinking about the possibility to issue certificates,
>> proofs and child key on Nostr, and it is in fact the reason I joined this
>> mailing list just a few days ago.
>>
>> However, I was thinking of the prospect of piggy-backing on this emerging
>> standard that the W3C is working on called Decentralized Identifiers (or
>> DID).
>>
>> I recommend digging into it, but on a high-level a DID is a URI  that
>> references an entity (in this case a Nostr public key) like so:
>>
>> did:nostr:<nostr_public_key>
>>
>> Similar to a URI, the DID resolves to an index of associated *DID
>> documents*. A *DID document* is simply a proof that is issued by the
>> holder of the public key referenced in the DID itself, and it can be pretty
>> much anything; for example an issuance certificate (or revocation
>> certificate) for a child key to enable something similar to PGP. But it
>> could also be other things, like a credential signed by multiple parties.
>>
>> What great about DIDs is that it’s already an emerging standard that can
>> be used for a lot of different things. This way we don’t need to reinvent
>> everything on Nostr, there can be one NIP to cover the whole world of DIDs.
>> There is a class of applications called "DID wallets" that could be baked
>> into a Nostr client.
>>
>> I had trouble wrapping my head around DIDs at first but I recommend
>> checking out the specs here:
>> https://www.w3.org/TR/did-1.0/
>>
>
> Hi Maximiillian & welcome!
>
> Thank you for the pointers.  I am familiar with DIDs, as I did some of the
> original work on the protocol, and my name is on that spec :)
>
> This could indeed be a logical way to go.  We've not yet registered a DID
> method, but I put this together quite quickly a while ago:
>
> https://nostr-labs.github.io/did-nostr/
>
> It could do with fleshing out a bit and having some examples or a primer.
> Especially regarding the GPG use case.
>
> In a sense, nostr already does have native decentralized identifiers in
> terms of the nostr pubkey and npub/nsec type system, and the nostr URIs.
>
> So we might ask ourselves "do we really need a DID".  I have come to the
> conclusion that it may be a useful thing to have, and an opportunity to add
> some more documentation and help guide developers.
>
> If you're interested we could do a round of work to update the work in
> progress to cover things like the GPG common use cases.  There is also some
> work going on at the W3C on schnorr signatures that I posted to the mailing
> list last week.
>
> Best
> Melvin
>
>
>>
>> Also, this conceptual map really helped me understand things better:
>>
>> https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRSafX9vlENhX3mzpE4aYAfSuIc9fk9DkPE9w&s
>>
>> All the best,
>> Max
>> On 26 Feb 2025 at 14:58 +0100, Melvin Carvalho <melvincarvalho@gmail.com>,
>> wrote:
>>
>> I've been playing around with the idea of Subkeys for nostr.  These are
>> similar to GPG subkeys but could have several advantages as I have outlined
>> below.  Subkeys themselves have multiple use cases, though, and GPG is just
>> one.
>>
>>
>> https://dev.to/melvincarvalho/could-nostr-subkeys-replace-gpg-a-simple-powerful-alternative-for-the-modern-web-aa0
>>
>>
Received on Thursday, 27 February 2025 11:25:01 UTC