diff options
| author | Pablo Fernandez <p@f7z.io> | 2023-10-19 11:04:46 +0300 |
|---|---|---|
| committer | Pablo Fernandez <p@f7z.io> | 2023-10-19 11:40:49 +0300 |
| commit | 3b1d74e116230e7f37effd108536943557633472 (patch) | |
| tree | 8acafc2fd810c467ad11d8a34ee178b90714aa26 | |
| parent | b3920f76b4f8adde785de785153b49e92be75f35 (diff) | |
update README
| -rw-r--r-- | 41.md | 10 | ||||
| -rw-r--r-- | README.md | 3 |
2 files changed, 10 insertions, 3 deletions
| @@ -76,13 +76,17 @@ When users who follow the old pubkey see a `kind:1777` event they SHOULD: | |||
| 76 | 76 | ||
| 77 | After validating all these checks clients SHOULD replace the old pubkey in the user's follow list with the new one. | 77 | After validating all these checks clients SHOULD replace the old pubkey in the user's follow list with the new one. |
| 78 | 78 | ||
| 79 | ### Notes | 79 | ## Notes |
| 80 | 80 | ||
| 81 | #### Rational behind the 30 days delay | 81 | ### Rational behind the 30 days delay |
| 82 | This gives enough time for a user to notice a migration request published by an attacker and gives the user enough time to publish a competing migration request pointing to an earlier `kind:1776` whitelisting event. | 82 | This gives enough time for a user to notice a migration request published by an attacker and gives the user enough time to publish a competing migration request pointing to an earlier `kind:1776` whitelisting event. |
| 83 | 83 | ||
| 84 | #### Preventing unpublished evil `kind:1777` attack | 84 | ### Preventing unpublished evil `kind:1777` attack |
| 85 | Clients should keep track of when a `kind:1777` event should take into effect, counting at least 30 days from the time of seeing the event and not trusting the event timestamp. This is to prevent an attacker creating an evil `kind:1776`, its attestation, and a `kind:1777` event with its attestation and not publishing them until the 30 days of the attestation have elapsed. | 85 | Clients should keep track of when a `kind:1777` event should take into effect, counting at least 30 days from the time of seeing the event and not trusting the event timestamp. This is to prevent an attacker creating an evil `kind:1776`, its attestation, and a `kind:1777` event with its attestation and not publishing them until the 30 days of the attestation have elapsed. |
| 86 | 86 | ||
| 87 | #### Preventing poorly-distributed evil `kind:1777` attack | 87 | #### Preventing poorly-distributed evil `kind:1777` attack |
| 88 | Additionally, clients SHOULD broadcast the `kind:1777` events to the relays it normally writes to. This is to prevent an attacker from creating a short-lived NIP-65 relay list where only a subset of users will see an evil `kind:1777` event but not widespread enough for the real owner to notice it. | 88 | Additionally, clients SHOULD broadcast the `kind:1777` events to the relays it normally writes to. This is to prevent an attacker from creating a short-lived NIP-65 relay list where only a subset of users will see an evil `kind:1777` event but not widespread enough for the real owner to notice it. |
| 89 | |||
| 90 | ### Future Work | ||
| 91 | |||
| 92 | Key migration can be done in multiple ways. This is an initial implementation that can work. This mechanism should be extended with other, alternative mechanisms, that can leverage different flows/tradeoffs (e.g. social recovery). \ No newline at end of file | ||
| @@ -50,6 +50,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | |||
| 50 | - [NIP-38: User Statuses](38.md) | 50 | - [NIP-38: User Statuses](38.md) |
| 51 | - [NIP-39: External Identities in Profiles](39.md) | 51 | - [NIP-39: External Identities in Profiles](39.md) |
| 52 | - [NIP-40: Expiration Timestamp](40.md) | 52 | - [NIP-40: Expiration Timestamp](40.md) |
| 53 | - [NIP-41: Identity rotation](41.md) | ||
| 53 | - [NIP-42: Authentication of clients to relays](42.md) | 54 | - [NIP-42: Authentication of clients to relays](42.md) |
| 54 | - [NIP-45: Counting results](45.md) | 55 | - [NIP-45: Counting results](45.md) |
| 55 | - [NIP-46: Nostr Connect](46.md) | 56 | - [NIP-46: Nostr Connect](46.md) |
| @@ -93,6 +94,8 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | |||
| 93 | | `1063` | File Metadata | [94](94.md) | | 94 | | `1063` | File Metadata | [94](94.md) | |
| 94 | | `1311` | Live Chat Message | [53](53.md) | | 95 | | `1311` | Live Chat Message | [53](53.md) | |
| 95 | | `1040` | OpenTimestamps | [03](03.md) | | 96 | | `1040` | OpenTimestamps | [03](03.md) | |
| 97 | | `1776` | Key Migration Whitelist | [41](41.md) | | ||
| 98 | | `1777` | Key Migration | [41](41.md) | | ||
| 96 | | `1984` | Reporting | [56](56.md) | | 99 | | `1984` | Reporting | [56](56.md) | |
| 97 | | `1985` | Label | [32](32.md) | | 100 | | `1985` | Label | [32](32.md) | |
| 98 | | `4550` | Community Post Approval | [72](72.md) | | 101 | | `4550` | Community Post Approval | [72](72.md) | |