Merge branch 'master' into master

2024-09-21 07:15:50 -04:00 · 2023-04-06 21:24:58 +09:00 · 2023-04-06 21:24:58 +09:00 · 900268c51a
commit 900268c51a
parent 4d22b2d41b e219ec6470
20 changed files with 659 additions and 96 deletions
--- a/01.md
+++ b/01.md
@ -22,7 +22,7 @@ The only object type that exists is the `event`, which has the following format
  "kind": <integer>,
  "tags": [
    ["e", <32-bytes hex of the id of another event>, <recommended relay URL>],
-    ["p", <32-bytes hex of the key>, <recommended relay URL>],
+    ["p", <32-bytes hex of a pubkey>, <recommended relay URL>],
    ... // other kinds of tags may be included later
  ],
  "content": <arbitrary string>,
@ -89,7 +89,7 @@ The `limit` property of a filter is only valid for the initial query and can be
 Relays can send 2 types of messages, which must also be JSON arrays, according to the following patterns:
  * `["EVENT", <subscription_id>, <event JSON as defined above>]`, used to send events requested by clients.
-  * `["NOTICE", <message>]`, used to send human-readable error messages or other things to clients.
+  * `["NOTICE", <message>]`, used to send human-readable error messages or other things to clients. 
 This NIP defines no rules for how `NOTICE` messages should be sent or treated.
--- a/02.md
+++ b/02.md
@ -22,6 +22,7 @@ For example:
  ],
  "content": "",
  ...other fields
 }
 ```
 Every new contact list that gets published overwrites the past ones, so it should contain all entries. Relays and clients SHOULD delete past contact lists as soon as they receive a new one.
--- a/04.md
+++ b/04.md
@ -20,15 +20,15 @@ Code sample for generating such an event in JavaScript:
 ```js
 import crypto from 'crypto'
-import * as secp from 'noble-secp256k1'
+import * as secp from '@noble/secp256k1'
 let sharedPoint = secp.getSharedSecret(ourPrivateKey, '02' + theirPublicKey)
-let sharedX = sharedPoint.substr(2, 64)
+let sharedX = sharedPoint.slice(1, 33)
 let iv = crypto.randomFillSync(new Uint8Array(16))
 var cipher = crypto.createCipheriv(
  'aes-256-cbc',
-  Buffer.from(sharedX, 'hex'),
+  Buffer.from(sharedX),
  iv
 )
 let encryptedMessage = cipher.update(text, 'utf8', 'base64')
@ -43,3 +43,11 @@ let event = {
  content: encryptedMessage + '?iv=' + ivBase64
 }
 ```
 ## Security Warning
 This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events.
 ## Client Implementation Warning
 Client's *should not* search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag) the tags are leaked and the mentioned user will receive the message in their inbox.
--- a/06.md
+++ b/06.md
@ -8,8 +8,8 @@ Basic key derivation from mnemonic seed phrase
 [BIP39](https://bips.xyz/39) is used to generate mnemonic seed words and derive a binary seed from them.
-[BIP32](https://bips.xyz/32) is used to derive the path `m/44'/1237'/0'/0/0` (according to the Nostr entry on [SLIP44](https://github.com/satoshilabs/slips/blob/master/slip-0044.md)).
+[BIP32](https://bips.xyz/32) is used to derive the path `m/44'/1237'/<account>'/0/0` (according to the Nostr entry on [SLIP44](https://github.com/satoshilabs/slips/blob/master/slip-0044.md)).
-This is the default for a basic, normal, single-key client.
+A basic client can simply use an `account` of `0` to derive a single key. For more advanced use-cases you can increment `account`, allowing generation of practically infinite keys from the 5-level path with hardened derivation.
 Other types of clients can still get fancy and use other derivation paths for their own other purposes.
--- a/07.md
+++ b/07.md
@ -24,7 +24,9 @@ async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext
 ### Implementation
 - [horse](https://github.com/fiatjaf/horse) (Chrome and derivatives)
 - [nos2x](https://github.com/fiatjaf/nos2x) (Chrome and derivatives)
 - [Alby](https://getalby.com) (Chrome and derivatives, Firefox, Safari)
 - [Blockcore](https://www.blockcore.net/wallet) (Chrome and derivatives)
 - [nos2x-fox](https://diegogurpegui.com/nos2x-fox/) (Firefox)
 - [Flamingo](https://www.getflamingo.org/) (Chrome and derivatives)
--- a/08.md
+++ b/08.md
@ -1,10 +1,12 @@
 > __Warning__  `unrecommended`: deprecated in favor of NIP-27
 NIP-08
 ======
 Handling Mentions
 -----------------
-`final` `optional` `author:fiatjaf` `author:scsibug`
+`final` `unrecommended` `optional` `author:fiatjaf` `author:scsibug`
 This document standardizes the treatment given by clients of inline mentions of other events and pubkeys inside the content of `text_note`s.
@ -15,3 +17,5 @@ Once a mention is identified, for example, the pubkey `27866e9d854c78ae625b867ee
 The same process applies for mentioning event IDs.
 A client that receives a `text_note` event with such `#[index]` mentions in its `.content` CAN do a search-and-replace using the actual contents from the `.tags` array with the actual pubkey or event ID that is mentioned, doing any desired context augmentation (for example, linking to the pubkey or showing a preview of the mentioned event contents) it wants in the process.
 Where `#[index]` has an `index` that is outside the range of the tags array or points to a tag that is not an `e` or `p` tag or a tag otherwise declared to support this notation, the client MUST NOT perform such replacement or augmentation, but instead display it as normal text.
--- a/11.md
+++ b/11.md
@ -4,7 +4,7 @@ NIP-11
 Relay Information Document
 ---------------------------
-`draft` `optional` `author:scsibug`
+`draft` `optional` `author:scsibug` `author:doc-hex` `author:cameri`
 Relays may provide server metadata to clients to inform them of capabilities, administrative contacts, and various server attributes.  This is made available as a JSON document over HTTP, on the same URI as the relay's websocket.
@ -56,3 +56,200 @@ The relay server implementation MAY be provided in the `software` attribute.  If
 ### Version ###
 The relay MAY choose to publish its software version as a string attribute.  The string format is defined by the relay implementation.  It is recommended this be a version number or commit identifier.
 Extra Fields
 -----------------
 ### Server Limitations ###
 These are limitations imposed by the relay on clients. Your client
 should expect that requests which exceed these *practical* limitations
 are rejected or fail immediately.
 ```json
 {
 ...
  limitation: {
        max_message_length: 16384,
        max_subscriptions: 20,
        max_filters: 100,
        max_limit: 5000,
        max_subid_length: 100,
        min_prefix: 4,
        max_event_tags: 100,
        max_content_length: 8196,
        min_pow_difficulty: 30,
        auth_required: true,
        payment_required: true,
  }
 ...
 }
 ```
 - `max_message_length`: this is the maximum number of bytes for incoming JSON that the relay
 will attempt to decode and act upon. When you send large subscriptions, you will be
 limited by this value. It also effectively limits the maximum size of any event. Value is
 calculated from `[` to `]` and is after UTF-8 serialization (so some unicode characters
 will cost 2-3 bytes). It is equal to the maximum size of the WebSocket message frame.
 - `max_subscriptions`: total number of subscriptions that may be
 active on a single websocket connection to this relay. It's possible
 that authenticated clients with a (paid) relationship to the relay
 may have higher limits.
 - `max_filters`: maximum number of filter values in each subscription.
 Must be one or higher.
 - `max_subid_length`: maximum length of subscription id as a string.
 - `min_prefix`: for `authors` and `ids` filters which are to match against
 a hex prefix, you must provide at least this many hex digits in the prefix.
 - `max_limit`: the relay server will clamp each filter's `limit` value to this number.
 This means the client won't be able to get more than this number
 of events from a single subscription filter. This clamping is typically done silently
 by the relay, but with this number, you can know that there are additional results
 if you narrowed your filter's time range or other parameters.
 - `max_event_tags`: in any event, this is the maximum number of elements in the `tags` list.
 - `max_content_length`: maximum number of characters in the `content`
 field of any event. This is a count of unicode characters. After
 serializing into JSON it may be larger (in bytes), and is still
 subject to the `max_message_length`, if defined.
 - `min_pow_difficulty`: new events will require at least this difficulty of PoW, 
 based on [NIP-13](13.md), or they will be rejected by this server.
 - `auth_required`: this relay requires [NIP-42](42.md) authentication
 to happen before a new connection may perform any other action.
 Even if set to False, authentication may be required for specific actions.
 - `payment_required`: this relay requires payment before a new connection may perform any action.
 ### Event Retention ###
 There may be a cost associated with storing data forever, so relays 
 may wish to state retention times. The values stated here are defaults
 for unauthenticated users and visitors. Paid users would likely have
 other policies.
 Retention times are given in seconds, with `null` indicating infinity.
 If zero is provided, this means the event will not be stored at
 all, and preferably an error will be provided when those are received.
 ```json
 {
 ...
  retention: [
    { kinds: [0, 1, [5, 7], [40, 49]], time: 3600 },
    { kinds: [[40000, 49999], time: 100 },
    { kinds: [[30000, 39999], count: 1000 },
    { time: 3600, count: 10000 }
  ]
 ...
 }
 ```
 `retention` is a list of specifications: each will apply to either all kinds, or 
 a subset of kinds. Ranges may be specified for the kind field as a tuple of inclusive
 start and end values. Events of indicated kind (or all) are then limited to a `count`
 and or time period.
 It is possible to effectively blacklist Nostr-based protocols that rely on
 a specific `kind` number, by giving a retention time of zero for those `kind` values.
 While that is unfortunate, it does allow clients to discover servers that will
 support their protocol quickly via a single HTTP fetch.
 There is no need to specify retention times for _ephemeral events_ as defined
 in [NIP-16](16.md) since they are not retained.
 ### Content Limitations ###
 Some relays may be governed by the arbitrary laws of a nation state. This
 may limit what content can be stored in cleartext on those relays. All
 clients are encouraged to use encryption to work around this limitation.
 It is not possible to describe the limitations of each country's laws
 and policies which themselves are typically vague and constantly shifting.
 Therefore, this field allows the relay operator to indicate which
 country's' laws might end up being enforced on them, and then
 indirectly on their users's content.
 Users should be able to avoid relays in countries they don't like,
 and/or select relays in more favourable zones. Exposing this
 flexibility is up to the client software.
 ```json
 {
 ...
  relay_countries: [ 'CA', 'US' ],
 ...
 }
 ```
 - `relay_countries`: a list of two-level ISO country codes (ISO 3166-1 alpha-2)  whose
  laws and policies may affect this relay. `EU` may be used for European Union countries.
 Remember that a relay may be hosted in a country which is not the
 country of the legal entities who own the relay, so it's very
 likely a number of countries are involved.
 ### Community Preferences ###
 For public text notes at least, a relay may try to foster a
 local community. This would encourage users to follow the global
 feed on that relay, in addition to their usual individual follows.
 To support this goal, relays MAY specify some of the following values.
 ```json
 {
 ...
  language_tags: [ 'en', 'en-419' ],
  tags: [ 'sfw-only', 'bitcoin-only', 'anime' ],
  posting_policy: 'https://example.com/posting-policy.html',
 ...
 }
 ```
 - `language_tags` is an ordered list
  of [IETF language tags](https://en.wikipedia.org/wiki/IETF_language_tag) indicating
  the major languages spoken on the relay.
 - `tags` is a list of limitations on the topics to be discussed.
  For example `sfw-only` indicates hat only "Safe For Work" content
  is encouraged on this relay. This relies on assumptions of what the
  "work" "community" feels "safe" talking about. In time, a common
  set of tags may emerge that allow users to find relays that suit
  their needs, and client software will be able to parse these tags easily.
  The `bitcoin-only` tag indicates that any *altcoin*, *"crypto"* or *blockchain*
  comments will be ridiculed without mercy.
 - `posting_policy` is a link to a human-readable page which specifies the
  community policies for the relay. In cases where `sfw-only` is True, it's
  important to link to a page which gets into the specifics of your posting policy.
 The `description` field should be used to describe your community
 goals and values, in brief. The `posting_policy` is for additional
 detail and legal terms. Use the `tags` field to signify limitations
 on content, or topics to be discussed, which could be machine
 processed by appropriate client software.
 ### Pay-To-Relay ###
 Relays that require payments may want to expose their fee schedules.
 ```json
 {
 ...
  payments_url: "https://my-relay/payments",
  fees: {
    "admission": [{ amount: 1000000, unit: 'msats' }],
    "subscription": [{ amount: 5000000, unit: 'msats', period: 2592000 }],
    "publication": [{ kinds: [4], amount: 100, unit: 'msats' }],
  },
 ...
 }
--- a/16.md
+++ b/16.md
@ -16,7 +16,9 @@ Upon a regular event being received, the relay SHOULD send it to all clients wit
 Replaceable Events
 ------------------
 A *replaceable event* is defined as an event with a kind `10000 <= n < 20000`.
-Upon a replaceable event with a newer timestamp than the currently known latest replaceable event with the same kind being received, and signed by the same key, the old event SHOULD be discarded and replaced with the newer event.
+Upon a replaceable event with a newer timestamp than the currently known latest replaceable event with the same kind and author being received, the old event SHOULD be discarded,
 effectively replacing what gets returned when querying for
 `author:kind` tuples.
 Ephemeral Events
 ----------------
--- a/18.md
+++ b/18.md
@ -0,0 +1,25 @@
 NIP-18
 ======
 Reposts
 -------
 `draft` `optional` `author:jb55` `author:fiatjaf` `author:arthurfranca`
 A repost is a `kind 6` note that is used to signal to followers
 that another event is worth reading.
 The `content` of a repost event is empty. Optionally, it MAY contain
 the stringified JSON of the reposted note event for quick look up.
 The repost event MUST include an `e` tag with the `id` of the note that is
 being reposted. That tag MUST include a relay URL as its third entry
 to indicate where it can be fetched.
 The repost SHOULD include a `p` tag with the `pubkey` of the event being
 reposted.
 ## Quote Reposts
 Quote reposts are `kind 1` events with an embedded `e` tag (see [NIP-08](08.md) and [NIP-27](27.md)).
 Because a quote repost includes an `e` tag, it may show up along replies to the reposted note.
--- a/19.md
+++ b/19.md
@ -46,14 +46,14 @@ These possible standardized `TLV` types are indicated here:
    - for `nrelay`, this is the relay URL
    - for `naddr`, it is the identifier (the `"d"` tag) of the event being referenced
 - `1`: `relay`
-  - for `nprofile`, `nevent` and `naddr`, a relay in which the entity (profile or event) is more likely to be found, encoded as ascii
+  - for `nprofile`, `nevent` and `naddr`, _optionally_, a relay in which the entity (profile or event) is more likely to be found, encoded as ascii
  - this may be included multiple times
 - `2`: `author`
  - for `naddr`, the 32 bytes of the pubkey of the event
  - for `nevent`, _optionally_, the 32 bytes of the pubkey of the event
 - `3`: `kind`
  - for `naddr`, the 32-bit unsigned integer of the kind, big-endian
 ## Examples
 - `npub10elfcs4fr0l0r8af98jlmgdh9c8tcxjvz9qkw038js35mp4dma8qzvjptg` should decode into the public key hex `7e7e9c42a91bfef19fa929e5fda1b72e0ebc1a4c1141673e2794234d86addf4e` and vice-versa
--- a/23.md
+++ b/23.md
@ -6,7 +6,7 @@ Long-form Content
 `draft` `optional` `author:fiatjaf`
-This NIP defines `kind:30023` (a parameterized replaceable event according to NIP-33) for long-form text content, generally referred to as "articles" or "blog posts".
+This NIP defines `kind:30023` (a parameterized replaceable event according to [NIP-33](33.md)) for long-form text content, generally referred to as "articles" or "blog posts".
 "Social" clients that deal primarily with `kind:1` notes should not be expected to implement this NIP.
@ -31,17 +31,11 @@ These articles are meant to be editable, so they should make use of the replacea
 ### Linking
-The article may be linked to using the NIP-19 `naddr` code along with the `"a"` tag (see NIP-33 and NIP-19).
+The article may be linked to using the NIP-19 `naddr` code along with the `"a"` tag (see [NIP-33](33.md) and [NIP-19](19.md)).
 ### References
-Clients that support publishing NIP-23 events should implement support for parsing pasted NIP-19 `naddr` identifiers and adding them automatically to the list of `.tags` of the event, replacing the actual content with a string like `#[tag_index]` in the same way as NIP-08 -- or, if the reference is in the form of a URL (for example, `[click here](naddr1...)`) then they should be replaced with just the tag number directly as if link with that name existed at the bottom of the Markdown (for example, `[click here][0]`).
+References to other Nostr notes, articles or profiles must be made according to [NIP-27](27.md), i.e. by using [NIP-21](21.md) `nostr:...` links and optionally adding tags for these (see example below).
 Reader clients should parse the Markdown and replace these references with either internal links so the referenced events can be accessed directly, with NIP-21 `nostr:naddr1...` links or direct links to web clients that will handle these references.
 The idea here is that having these tags is that reader clients can display a list of backreferences at the bottom when one article mentions another.
 The same principles can be applied to `nevent1...`, `note1...`, `nprofile1...` or `npub1...`.
 ## Example Event
@ -49,7 +43,7 @@ The same principles can be applied to `nevent1...`, `note1...`, `nprofile1...` o
 {
  "kind": 30023,
  "created_at": 1675642635,
-  "content": "Lorem [ipsum][4] dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\n\nRead more at #[3].",
+  "content": "Lorem [ipsum][nostr:nevent1qqst8cujky046negxgwwm5ynqwn53t8aqjr6afd8g59nfqwxpdhylpcpzamhxue69uhhyetvv9ujuetcv9khqmr99e3k7mg8arnc9] dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\n\nRead more at nostr:naddr1qqzkjurnw4ksz9thwden5te0wfjkccte9ehx7um5wghx7un8qgs2d90kkcq3nk2jry62dyf50k0h36rhpdtd594my40w9pkal876jxgrqsqqqa28pccpzu.",
  "tags": [
    ["d", "lorem-ipsum"],
    ["title", "Lorem Ipsum"],
--- a/27.md
+++ b/27.md
@ -0,0 +1,54 @@
 NIP-27
 ======
 Text Note References
 --------------------
 `draft` `optional` `author:arthurfranca` `author:hodlbod` `author:fiatjaf`
 This document standardizes the treatment given by clients of inline references of other events and profiles inside the `.content` of any event that has readable text in its `.content` (such as kinds 1 and 30023).
 When creating an event, clients should include mentions to other profiles and to other events in the middle of the `.content` using NIP-21 codes, such as `nostr:nprofile1qqsw3dy8cpu...6x2argwghx6egsqstvg`.
 Including [NIP-10](10.md)-style tags (`["e", <hex-id>, <relay-url>, <marker>]`) for each reference is optional, clients should do it whenever they want the profile being mentioned to be notified of the mention, or when they want the referenced event to recognize their mention as a reply.
 A reader client that receives an event with such `nostr:...` mentions in its `.content` can do any desired context augmentation (for example, linking to the profile or showing a preview of the mentioned event contents) it wants in the process. If turning such mentions into links, they could become internal links, NIP-21 links or direct links to web clients that will handle these references.
 ---
 ## Example of a profile mention process
 Suppose Bob is writing a note in a client that has search-and-autocomplete functionality for users that is triggered when they write the character `@`.
 As Bob types `"hello @mat"` the client will prompt him to autocomplete with [mattn's profile](https://gateway.nostr.com/p/2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc), showing a picture and name.
 Bob presses "enter" and now he sees his typed note as `"hello @mattn"`, `@mattn` is highlighted, indicating that it is a mention. Internally, however, the event looks like this:
 ```json
 {
  "content": "hello nostr:nprofile1qqszclxx9f5haga8sfjjrulaxncvkfekj097t6f3pu65f86rvg49ehqj6f9dh",
  "created_at": 1679790774,
  "id": "f39e9b451a73d62abc5016cffdd294b1a904e2f34536a208874fe5e22bbd47cf",
  "kind": 1,
  "pubkey": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
  "sig": "f8c8bab1b90cc3d2ae1ad999e6af8af449ad8bb4edf64807386493163e29162b5852a796a8f474d6b1001cddbaac0de4392838574f5366f03cc94cf5dfb43f4d",
  "tags": [
    [
      "p",
      "2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc"
    ]
  ]
 }
 ```
 (Alternatively, the mention could have been a `nostr:npub1...` URL.)
 After Bob publishes this event and Carol sees it, her client will initially display the `.content` as it is, but later it will parse the `.content` and see that there is a `nostr:` URL in there, decode it, extract the public key from it (and possibly relay hints), fetch that profile from its internal database or relays, then replace the full URL with the name `@mattn`, with a link to the internal page view for that profile.
 ## Verbose and probably unnecessary considerations
 - The example above was very concrete, but it doesn't mean all clients have to implement the same flow. There could be clients that do not support autocomplete at all, so they just allow users to paste raw [NIP-19](19.md) codes into the body of text, then prefix these with `nostr:` before publishing the event.
 - The flow for referencing other events is similar: a user could paste a `note1...` or `nevent1...` code and the client will turn that into a `nostr:note1...` or `nostr:nevent1...` URL. Then upon reading such references the client may show the referenced note in a preview box or something like that -- or nothing at all.
 - Other display procedures can be employed: for example, if a client that is designed for dealing with only `kind:1` text notes sees, for example, a [`kind:30023`](23.md) `nostr:naddr1...` URL reference in the `.content`, it can, for example, decide to turn that into a link to some hardcoded webapp capable of displaying such events.
 - Clients may give the user the option to include or not include tags for mentioned events or profiles. If someone wants to mention `mattn` without notifying them, but still have a nice augmentable/clickable link to their profile inside their note, they can instruct their client to _not_ create a `["p", ...]` tag for that specific mention.
 - In the same way, if someone wants to reference another note but their reference is not meant to show up along other replies to that same note, their client can choose to not include a corresponding `["e", ...]` tag for any given `nostr:nevent1...` URL inside `.content`. Clients may decide to expose these advanced functionalities to users or be more opinionated about things.
--- a/28.md
+++ b/28.md
@ -9,7 +9,7 @@ Public Chat
 This NIP defines new event kinds for public chat channels, channel messages, and basic client-side moderation.
-It reserves five event kinds (40-44) for immediate use and five event kinds (45-49) for future use.
+It reserves five event kinds (40-44) for immediate use:
 - `40 - channel create`
 - `41 - channel metadata`
@ -84,6 +84,7 @@ Reply to another message:
 {
    "content": <string>,
    "tags": [
        ["e", <kind_40_event_id>, <relay-url>, "root"],
        ["e", <kind_42_event_id>, <relay-url>, "reply"],
        ["p", <pubkey>, <relay-url>],
        ...
@ -138,12 +139,6 @@ For [NIP-10](10.md) relay recommendations, clients generally SHOULD use the rela
 Clients MAY recommend any relay URL. For example, if a relay hosting the original kind 40 event for a channel goes offline, clients could instead fetch channel data from a backup relay, or a relay that clients trust more than the original relay.
 Future extensibility
 --------------------
 We reserve event kinds 45-49 for other events related to chat, to potentially include new types of media (photo/video), moderation, or support of private or group messaging.
 Motivation
 ----------
 If we're solving censorship-resistant communication for social media, we may as well solve it also for Telegram-style messaging.
--- a/33.md
+++ b/33.md
@ -14,8 +14,10 @@ The value of a tag is defined as the first parameter of a tag after the tag name
 A *parameterized replaceable event* is defined as an event with a kind `30000 <= n < 40000`.
 Upon a parameterized replaceable event with a newer timestamp than the currently known latest
-replaceable event with the same kind and first `d` tag value being received, the old event
+replaceable event with the same kind, author and first `d` tag value being received, the old event
-SHOULD be discarded and replaced with the newer event.
+SHOULD be discarded, effectively replacing what gets returned when querying for
 `author:kind:d-tag` tuples.
 A missing or a `d` tag with no value should be interpreted equivalent to a `d` tag with the
 value as an empty string. Events from the same author with any of the following `tags`
 replace each other:
@ -26,7 +28,7 @@ replace each other:
 * `"tags":[["d",""],["d","not empty"]]`: only first `d` tag is considered
 * `"tags":[["d"],["d","some value"]]`: only first `d` tag is considered
 * `"tags":[["e"]]`: same as no tags
-* `"tags":[["d","test","1"]]`: only the value is considered (`test`)
+* `"tags":[["d","","1"]]`: only the first value is considered (`""`)
 Clients SHOULD NOT use `d` tags with multiple values and SHOULD include the `d` tag even if it has no value to allow querying using the `#d` filter.
--- a/39.md
+++ b/39.md
@ -0,0 +1,66 @@
 NIP-39
 ======
 External Identities in Profiles
 -------------------------------
 `draft` `optional` `author:pseudozach` `author:Semisol`
 ## Abstract
 Nostr protocol users may have other online identities such as usernames, profile pages, keypairs etc. they control and they may want to include this data in their profile metadata so clients can parse, validate and display this information.
 ## `i` tag on a metadata event
 A new optional `i` tag is introduced for `kind 0` metadata event contents in addition to name, about, picture fields as included in [NIP-01](https://github.com/nostr-protocol/nips/blob/master/01.md):
 ```json
 {
    "id": <id>,
    "pubkey": <pubkey>,
    ...
    "tags": [
        ["i", "github:semisol", "9721ce4ee4fceb91c9711ca2a6c9a5ab"],
        ["i", "twitter:semisol_public", "1619358434134196225"],
        ["i", "mastodon:bitcoinhackers.org/@semisol", "109775066355589974"]
        ["i", "telegram:1087295469", "nostrdirectory/770"]
    ]
 }
 ```
 An `i` tag will have two parameters, which are defined as the following:
 1. `platform:identity`: This is the platform name (for example `github`) and the identity on that platform (for example `semisol`) joined together with `:`.
 2. `proof`: String or object that points to the proof of owning this identity.
 Clients SHOULD process any `i` tags with more than 2 values for future extensibility.  
 Identity provider names SHOULD only include `a-z`, `0-9` and the characters `._-/` and MUST NOT include `:`.  
 Identity names SHOULD be normalized if possible by replacing uppercase letters with lowercase letters, and if there are multiple aliases for an entity the primary one should be used.  
 ## Claim types
 ### `github`
 Identity: A GitHub username.
 Proof: A GitHub Gist ID. This Gist should be created by `<identity>` with a single file that has the text `Verifying that I control the following Nostr public key: <npub encoded public key>`.  
 This can be located at `https://gist.github.com/<identity>/<proof>`.
 ### `twitter`
 Identity: A Twitter username.
 Proof: A Tweet ID. The tweet should be posted by `<identity>` and have the text `Verifying my account on nostr My Public Key: "<npub encoded public key>"`.  
 This can be located at `https://twitter.com/<identity>/status/<proof>`.
 ### `mastodon`
 Identity: A Mastodon instance and username in the format `<instance>/@<username>`.
 Proof: A Mastodon post ID. This post should be published by `<username>@<instance>` and have the text `Verifying that I control the following Nostr public key: "<npub encoded public key>"`.
 This can be located at `https://<identity>/<proof>`.
 ### `telegram`
 Identity: A Telegram user ID.
 Proof: A string in the format `<ref>/<id>` which points to a message published in the public channel or group with name `<ref>` and message ID `<id>`. This message should be sent by user ID `<identity>` and have the text `Verifying that I control the following Nostr public key: "<npub encoded public key>"`.  
 This can be located at `https://t.me/<proof>`.
--- a/45.md
+++ b/45.md
@ -0,0 +1,31 @@
 NIP-45
 ======
 Event Counts
 --------------
 `draft` `optional` `author:staab`
 Relays may support the `COUNT` verb, which provide a mechanism for obtaining event counts.
 ## Motivation
 Some queries a client may want to execute against connected relays are prohibitively expensive, for example, in order to retrieve follower counts for a given pubkey, a client must query all kind-3 events referring to a given pubkey and count them. The result may be cached, either by a client or by a separate indexing server as an alternative, but both options erode the decentralization of the network by creating a second-layer protocol on top of Nostr.
 ## Filters and return values
 This NIP defines a verb called `COUNT`, which accepts a subscription id and a filter as specified in [NIP 01](01.md).
 Counts are returned using a `COUNT` response in the form `{count: <integer>}`. Relays may use probabilistic counts to reduce compute requirements.
 Examples:
 ```
 # Followers count
 ["COUNT", "", {kinds: [3], '#p': [<pubkey>]}]
 ["COUNT", "", {count: 238}]
 # Count posts and reactions
 ["COUNT", "", {kinds: [1, 7], authors: [<pubkey>]}]
 ["COUNT", "", {count: 5}]
 ```
--- a/46.md
+++ b/46.md
@ -67,7 +67,7 @@ These are mandatory methods the remote signer app MUST implement:
  - result `pubkey` 
 - **sign_event**
  - params [`event`]
-  - result `signature` 
+  - result `event_with_signature` 
 #### optional
@ -151,7 +151,7 @@ The `content` field contains encrypted message as specified by [NIP04](https://g
 1. The **App** will send a message to the **Signer** with a `sign_event` request along with the **event** to be signed
 2. The **Signer** will show a popup to the user to inspect the event and sign it
-3. The **Signer** will send back a message with the schnorr `signature` of the event as a response to the `sign_event` request
+3. The **Signer** will send back a message with the event including the `id` and the schnorr `signature` as a response to the `sign_event` request
 ### Delegate
--- a/51.md
+++ b/51.md
@ -0,0 +1,112 @@
 NIP-51
 ======
 Lists
 -------------------------
 `draft` `optional` `author:fiatjaf` `author:arcbtc` `author:monlovesmango` `author:eskema` `depends:33`
 A "list" event is defined as having a list of public and/or private tags. Public tags will be listed in the event `tags`. Private tags will be encrypted in the event `content`. Encryption for private tags will use [NIP-04 - Encrypted Direct Message](04.md) encryption, using the list author's private and public key for the shared secret. A distinct event kind should be used for each list type created.
 If a list type should only be defined once per user (like the 'Mute' list), the list type's events should follow the specification for [NIP-16 - Replaceable Events](16.md). These lists may be referred to as 'replaceable lists'.
 Otherwise the list type's events should follow the specification for [NIP-33 - Parameterized Replaceable Events](33.md), where the list name will be used as the 'd' parameter. These lists may be referred to as 'parameterized replaceable lists'.
 ## Replaceable List Event Example
 Lets say a user wants to create a 'Mute' list and has keys:
 ```
 priv: fb505c65d4df950f5d28c9e4d285ee12ffaf315deef1fc24e3c7cd1e7e35f2b1
 pub: b1a5c93edcc8d586566fde53a20bdb50049a97b15483cb763854e57016e0fa3d
 ```
 The user wants to publicly include these users:
 ```json
 ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
 ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"]
 ```
 and privately include these users (below is the JSON that would be encrypted and placed in the event content):
 ```json
 [
    ["p", "9ec7a778167afb1d30c4833de9322da0c08ba71a69e1911d5578d3144bb56437"],
    ["p", "8c0da4862130283ff9e67d889df264177a508974e2feb96de139804ea66d6168"]
 ]
 ```
 Then the user would create a 'Mute' list event like below:
 ```json
 {
  "kind": 10000,
  "tags": [
    ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
    ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"],
  ],
  "content": "VezuSvWak++ASjFMRqBPWS3mK5pZ0vRLL325iuIL4S+r8n9z+DuMau5vMElz1tGC/UqCDmbzE2kwplafaFo/FnIZMdEj4pdxgptyBV1ifZpH3TEF6OMjEtqbYRRqnxgIXsuOSXaerWgpi0pm+raHQPseoELQI/SZ1cvtFqEUCXdXpa5AYaSd+quEuthAEw7V1jP+5TDRCEC8jiLosBVhCtaPpLcrm8HydMYJ2XB6Ixs=?iv=/rtV49RFm0XyFEwG62Eo9A==",
  ...other fields
 }
 ```
 ## Parameterized Replaceable List Event Example
 Lets say a user wants to create a 'Categorized People' list of `nostr` people and has keys:
 ```
 priv: fb505c65d4df950f5d28c9e4d285ee12ffaf315deef1fc24e3c7cd1e7e35f2b1
 pub: b1a5c93edcc8d586566fde53a20bdb50049a97b15483cb763854e57016e0fa3d
 ```
 The user wants to publicly include these users:
 ```json
 ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
 ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"]
 ```
 and privately include these users (below is the JSON that would be encrypted and placed in the event content):
 ```json
 [
    ["p", "9ec7a778167afb1d30c4833de9322da0c08ba71a69e1911d5578d3144bb56437"],
    ["p", "8c0da4862130283ff9e67d889df264177a508974e2feb96de139804ea66d6168"]
 ]
 ```
 Then the user would create a 'Categorized People' list event like below:
 ```json
 {
  "kind": 30000,
  "tags": [
    ["d", "nostr"],
    ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
    ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"],
  ],
  "content": "VezuSvWak++ASjFMRqBPWS3mK5pZ0vRLL325iuIL4S+r8n9z+DuMau5vMElz1tGC/UqCDmbzE2kwplafaFo/FnIZMdEj4pdxgptyBV1ifZpH3TEF6OMjEtqbYRRqnxgIXsuOSXaerWgpi0pm+raHQPseoELQI/SZ1cvtFqEUCXdXpa5AYaSd+quEuthAEw7V1jP+5TDRCEC8jiLosBVhCtaPpLcrm8HydMYJ2XB6Ixs=?iv=/rtV49RFm0XyFEwG62Eo9A==",
  ...other fields
 }
 ```
 ## List Event Kinds
 | kind   | list type               |
 | ------ | ----------------------- |
 | 10000  | Mute                    |
 | 10001  | Pin                     |
 | 30000  | Categorized People      |
 | 30001  | Categorized Bookmarks   |
 ### Mute List
 An event with kind `10000` is defined as a replaceable list event for listing content a user wants to mute. Any standarized tag can be included in a Mute List.
 ### Pin List
 An event with kind `10001` is defined as a replaceable list event for listing content a user wants to pin. Any standarized tag can be included in a Pin List.
 ### Categorized People List
 An event with kind `30000` is defined as a parameterized replaceable list event for categorizing people. The 'd' parameter for this event holds the category name of the list. The tags included in these lists MUST follow the format of kind 3 events as defined in [NIP-02 - Contact List and Petnames](02.md).
 ### Categorized Bookmarks List
 An event with kind `30001` is defined as a parameterized replaceable list event for categorizing bookmarks. The 'd' parameter for this event holds the category name of the list. Any standarized tag can be included in a Categorized Bookmarks List.
--- a/57.md
+++ b/57.md
@ -6,69 +6,139 @@ Lightning Zaps
 `draft` `optional` `author:jb55` `author:kieran`
-This NIP defines a new note type called a lightning zap of kind `9735`. These represent paid lightning invoice receipts sent by a lightning node called the `zapper`. We also define another note type of kind `9734` which are `zap request` notes, which will be described in this document.
+This NIP defines two new event types for recording lightning payments between users. `9734` is a `zap request`, representing a payer's request to a recipient's lightning wallet for an invoice. `9735` is a `zap receipt`, representing the confirmation by the recipient's lightning wallet that the invoice issued in response to a zap request has been paid.
 Having lightning receipts on nostr allows clients to display lightning payments from entities on the network. These can be used for fun or for spam deterrence.
 ## Definitions
 `zapper` - the lightning node or service that sends zap notes (kind `9735`)
 `zap request` - a note of kind `9734` created by the person zapping
 `zap invoice` - the bolt11 invoice fetched from a custom lnurl endpoint which contains a `zap request` note
 ## Protocol flow
-### Client side
+1. Client calculates a recipient's lnurl pay request url from the `zap` tag on the event being zapped (see Appendix G), or by decoding their lud06 or lud16 field on their profile according to the [lnurl specifications](https://github.com/lnurl/luds). The client MUST send a GET request to this url and parse the response. If `allowsNostr` exists and it is `true`, and if `nostrPubkey` exists and is a valid BIP 340 public key in hex, the client should associate this information with the user, along with the response's `callback`, `minSendable`, and `maxSendable` values.
 2. Clients may choose to display a lightning zap button on each post or on a user's profile. If the user's lnurl pay request endpoint supports nostr, the client SHOULD use this NIP to request a zap receipt rather than a normal lnurl invoice.
 3. When a user (the "sender") indicates they want to send a zap to another user (the "recipient"), the client should create a `zap request` event as described in Appendix A of this NIP and sign it.
 4. Instead of publishing the `zap request`, the `9734` event should instead be sent to the `callback` url received from the lnurl pay endpoint for the recipient using a GET request. See Appendix B for details and an example.
 5. The recipient's lnurl server will receive this request and validate it. See Appendix C for details on how to properly configure an lnurl server to support zaps, and Appendix D for details on how to validate the `nostr` query parameter.
 6. If the request is valid, the server should fetch a description hash invoice where the description is this note and this note only. No additional lnurl metadata is included in the description. This will be returned in the response according to [LUD06](https://github.com/lnurl/luds/blob/luds/06.md).
 7. On receiving the invoice, the client MAY pay it or pass it to an app that can pay the invoice.
 8. Once the invoice is paid, the recipient's lnurl server MUST generate a `zap receipt` as described in Appendix E, and publish it to the `relays` specified in the `zap request`.
 9. Clients MAY fetch zap notes on posts and profiles, but MUST authorize their validity as described in Appendix F. If the zap request note contains a non-empty `content`, it may display a zap comment. Generally clients should show users the `zap request` note, and use the `zap note` to show "zap authorized by ..." but this is optional.
-1. Calculate the lnurl pay request url for a user from the lud06 or lud16 field on their profile
+## Reference and examples
-2. Fetch the lnurl pay request static endpoint (`https://host.com/.well-known/lnurlp/user`) and gather the `allowsNostr` and `nostrPubkey` fields. If `allowsNostr` exists and it is `true`, and if `nostrPubkey` exists and is a valid BIP 340 public key, associate this information with the user. The `nostrPubkey` is the `zapper`'s pubkey, and it is used to authorize zaps sent to that user.
+### Appendix A: Zap Request Event
-3. Clients may choose to display a lightning zap button on each post or on the users profile, if the user's lnurl pay request endpoint supports nostr, the client SHOULD generate a `zap invoice` instead of a normal lnurl invoice.
+A `zap request` is an event of kind `9734` that is _not_ published to relays, but is instead sent to a recipient's lnurl pay `callback` url. This event's `content` MAY be an optional message to send along with the payment. The event MUST include the following tags:
-4. To generate a `zap invoice`, call the `callback` url with `amount` set to the milli-satoshi amount value. A `nostr` querystring value MUST be set as well. It is a uri-encoded `zap request` note signed by the user's key. The `zap request` note contains an `e` tag of the note it is zapping, and a `p` tag of the target user's pubkey. The `e` tag is optional which allows profile tipping. An optional `a` tag allows tipping parameterized replaceable events such as NIP-23 long-form notes. The `zap request` note must also have a `relays` tag, which is gathered from the user's configured relays. The `zap request` note SHOULD contain an `amount` tag, which is the milli-satoshi value of the zap which clients SHOULD verify being equal to the amount of the invoice. The `content` MAY be an additional comment from the user which can be displayed when listing zaps on posts and profiles.
+- `relays` is a list of relays the recipient's wallet should publish its `zap receipt` to. Note that relays should not be nested in an additional list, but should be included as shown in the example below.
 - `amount` is the amount in _millisats_ the sender intends to pay, formatted as a string. This is recommended, but optional.
 - `lnurl` is the lnurl pay url of the recipient, encoded using bech32 with the prefix `lnurl`. This is recommended, but optional.
 - `p` is the hex-encoded pubkey of the recipient.
-5. Pay this invoice or pass it to an app that can pay the invoice. Once it's paid, a `zap note` will be created by the `zapper`.
+In addition, the event MAY include the following tags:
-### LNURL Server side
+- `e` is an optional hex-encoded event id. Clients MUST include this if zapping an event rather than a person.
 - `a` is an optional NIP-33 event coordinate that allows tipping parameterized replaceable events such as NIP-23 long-form notes.
 Example:
 ```json
 {
  "kind": 9734,
  "content": "Zap!",
  "tags": [
    ["relays", "wss://nostr-pub.wellorder.com"],
    ["amount", "21000"],
    ["lnurl", "lnurl1dp68gurn8ghj7um5v93kketj9ehx2amn9uh8wetvdskkkmn0wahz7mrww4excup0dajx2mrv92x9xp"],
    ["p", "04c915daefee38317fa734444acee390a8269fe5810b2241e5e6dd343dfbecc9"],
    ["e", "9ae37aa68f48645127299e9453eb5d908a0cbb6058ff340d528ed4d37c8994fb"]
  ],
  "pubkey": "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
  "created_at": 1679673265,
  "id": "30efed56a035b2549fcaeec0bf2c1595f9a9b3bb4b1a38abaf8ee9041c4b7d93",
  "sig": "f2cb581a84ed10e4dc84937bd98e27acac71ab057255f6aa8dfa561808c981fe8870f4a03c1e3666784d82a9c802d3704e174371aa13d63e2aeaf24ff5374d9d"
 }
 ```
 ### Appendix B: Zap Request HTTP Request
 A signed zap request event is not published, but is instead sent using a HTTP GET request to the recipient's `callback` url, which was provided by the recipient's lnurl pay endpoint. This request should have the following query parameters defined:
 - `amount` is the amount in _millisats_ the sender intends to pay
 - `nostr` is the `9734` zap request event, JSON encoded then URI encoded
 - `lnurl` is the lnurl pay url of the recipient, encoded using bech32 with the prefix `lnurl`
 This request should return a JSON response with a `pr` key, which is the invoice the sender must pay to finalize his zap. Here is an example flow:
 ```javascript
 const senderPubkey // The sender's pubkey
 const recipientPubkey = // The recipient's pubkey
 const callback = // The callback received from the recipients lnurl pay endpoint
 const lnurl = // The recipient's lightning address, encoded as a lnurl
 const sats = 21
 const amount = sats * 1000
 const relays = ['wss://nostr-pub.wellorder.net']
 const event = encodeURI(JSON.stringify(await signEvent({
  kind: [9734],
  content: "",
  pubkey: senderPubkey,
  created_at: Math.round(Date.now() / 1000),
  tags: [
    ["relays", ...relays],
    ["amount", amount.toString()],
    ["lnurl", lnurl],
    ["p", recipientPubkey],
  ],
 })))
 const {pr: invoice} = await fetchJson(`${callback}?amount=${amount}&nostr=${event}&lnurl=${lnurl}`)
 ```
 ### Appendix C: LNURL Server Configuration
 The lnurl server will need some additional pieces of information so that clients can know that zap invoices are supported:
-1. Add a `nostrPubkey` to the lnurl-pay static endpoint `/.well-known/lnurlp/user`, where `nostrPubkey` is the nostr pubkey of the `zapper`, the entity that creates zap notes. Clients will use this to authorize zaps.
+1. Add a `nostrPubkey` to the lnurl-pay static endpoint `/.well-known/lnurlp/<user>`, where `nostrPubkey` is the nostr pubkey your server will use to sign `zap receipt` events. Clients will use this to validate zap receipts.
 2. Add an `allowsNostr` field and set it to true.
-3. In the lnurl-pay callback URL, watch for a `nostr` querystring, where the contents of the note is a uri-encoded `zap request` JSON.
+### Appendix D: LNURL Server Zap Request Validation
-4. If present, the zap request note must be validated:
+When a client sends a zap request event to a server's lnurl-pay callback URL, there will be a `nostr` query parameter where the contents of the event are URI- and JSON-encoded. If present, the zap request event must be validated in the following ways:
-	a. It MUST have a valid nostr signature
+1. It MUST have a valid nostr signature
 2. It MUST have tags
 3. It MUST have only one `p` tag
 4. It MUST have 0 or 1 `e` tags
 5. There should be a `relays` tag with the relays to send the `zap` note to.
 6. If there is an `amount` tag, it MUST be equal to the `amount` query parameter.
 7. If there is an `a` tag, it MUST be a valid NIP-33 event coordinate
-	b. It MUST have tags
+The event MUST then be stored for use later, when the invoice is paid.
-	c. It MUST have at least one p-tag
+### Appendix E: Zap Receipt Event
-	d. It MUST have either 0 or 1 e-tag
+A `zap receipt` is created by a lightning node when an invoice generated by a `zap request` is paid. Zap receipts are only created when the invoice description (committed to the description hash) contains a zap request note.
-	e. There should be a `relays` tag with the relays to send the `zap` note to.
+When receiving a payment, the following steps are executed:
-	f. If there is an `amount` tag, it MUST be equal to the `amount` query parameter.
+1. Get the description for the invoice. This needs to be saved somewhere during the generation of the description hash invoice. It is saved automatically for you with CLN, which is the reference implementation used here.
 2. Parse the bolt11 description as a JSON nostr event. This SHOULD be validated based on the requirements in Appendix D, either when it is received, or before the invoice is paid.
 3. Create a nostr event of kind `9735` as described below, and publish it to the `relays` declared in the zap request.
-	g. If there is an `a` tag, it MUST be a valid NIP-33 event coordinate
+The following should be true of the zap receipt event:
-5. If valid, fetch a description hash invoice where the description is this note and this note only. No additional lnurl metadata is included in the description.
+- The content SHOULD be empty.
 - The `created_at` date SHOULD be set to the invoice `paid_at` date for idempotency.
 - `tags` MUST include the `p` tag AND optional `e` tag from the zap request.
 - The zap receipt MUST have a `bolt11` tag containing the description hash bolt11 invoice.
 - The zap receipt MUST contain a `description` tag which is the JSON-encoded invoice description.
 - `SHA256(description)` MUST match the description hash in the bolt11 invoice.
 - The zap receipt MAY contain a `preimage` tag to match against the payment hash of the bolt11 invoice. This isn't really a payment proof, there is no real way to prove that the invoice is real or has been paid. You are trusting the author of the zap receipt for the legitimacy of the payment.
-At this point, the lightning node is ready to send the zap note once payment is received.
+The zap receipt is not a proof of payment, all it proves is that some nostr user fetched an invoice. The existence of the zap receipt implies the invoice as paid, but it could be a lie given a rogue implementation.
-## The zap note
+A reference implementation for a zap-enabled lnurl server can be found [here](https://github.com/jb55/cln-nostr-zapper).
-Zap notes are created by a lightning node reacting to paid invoices. Zap notes are only created when the invoice description (committed to the description hash) contains a `zap request` note.
+Example zap receipt:
 Example zap note:
 ```json
 {
@ -115,37 +185,25 @@ Example zap note:
 The zap note is not a proof of payment, all it proves is that some nostr user fetched an invoice. The existence of the zap note implies the invoice as paid, but it could be a lie given a rogue implementation.
 ### Appendix F: Validating Zap Receipts
-### Creating a zap note
+A client can retrieve `zap receipts` on events and pubkeys using a NIP-01 filter, for example `{"kinds": [9735], "#e": [...]}`. Zaps MUST be validated using the following steps:
-When receiving a payment, the following steps are executed:
+- The `zap receipt` event's `pubkey` MUST be the same as the recipient's lnurl provider's `nostrPubkey` (retrieved in step 1 of the protocol flow).
 - The `invoiceAmount` contained in the `bolt11` tag of the `zap receipt` MUST equal the `amount` tag of the `zap request` (if present).
 - The `lnurl` tag of the `zap request` (if present) SHOULD equal the recipient's `lnurl`.
-1. Get the description for the invoice. This needs to be saved somewhere during the generation of the description hash invoice. It is saved automatically for you with CLN, which is the reference implementation used here.
+### Appendix G: `zap` tag on zapped event
-2. Parse the bolt11 description as a JSON nostr note. You SHOULD check the signature of the parsed note to ensure that it is valid. This is the `zap request` note created by the entity who is zapping.
+When an event includes a `zap` tag, clients SHOULD calculate the lnurl pay request based on it's value instead of the profile's field. An optional third argument on the tag specifies the type of value, either `lud06` or `lud16`.
-4. The note MUST have only one `p` tag
+```json
-
+{
-5. The note MUST have 0 or 1 `e` tag
+    "tags": [
-
+        [ "zap", "pablo@f7z.io", "lud16" ]
-6. Create a nostr note of kind `9735` that includes the `p` tag AND optional `e` tag. The content SHOULD be empty. The created_at date SHOULD be set to the invoice paid_at date for idempotency.
+    ]
-
+}
-7. Send the note to the `relays` declared in the `zap request` note from the invoice description.
+```
 A reference implementation for the zapper is here: [zapper][zapper]
 [zapper]: https://github.com/jb55/cln-nostr-zapper
 ## Client Behavior
 Clients MAY fetch zap notes on posts and profiles:
 `{"kinds": [9735], "#e": [...]}`
 To authorize these notes, clients MUST fetch the `nostrPubkey` from the users configured lightning address or lnurl and ensure that the zaps to their posts were created by this pubkey. If clients don't do this, anyone could forge unauthorized zaps.
 Once authorized, clients MAY tally zaps on posts, and list them on profiles. If the zap request note contains a non-empty `content`, it may display a zap comment. Generally clients should show users the `zap request` note, and use the `zap note` to show "zap authorized by ..." but this is optional.
 ## Future Work
--- a/README.md
+++ b/README.md
@ -9,7 +9,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 - [NIP-05: Mapping Nostr keys to DNS-based internet identifiers](05.md)
 - [NIP-06: Basic key derivation from mnemonic seed phrase](06.md)
 - [NIP-07: `window.nostr` capability for web browsers](07.md)
- [NIP-08: Handling Mentions](08.md)
+- [NIP-08: Handling Mentions](08.md) – `unrecommended`: deprecated in favor of [NIP-27](27.md)
 - [NIP-09: Event Deletion](09.md)
 - [NIP-10: Conventions for clients' use of `e` and `p` tags in text events](10.md)
 - [NIP-11: Relay Information Document](11.md)
@ -18,6 +18,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 - [NIP-14: Subject tag in text events.](14.md)
 - [NIP-15: End of Stored Events Notice](15.md)
 - [NIP-16: Event Treatment](16.md)
 - [NIP-18: Reposts](18.md)
 - [NIP-19: bech32-encoded entities](19.md)
 - [NIP-20: Command Results](20.md)
 - [NIP-21: `nostr:` URL scheme](21.md)
@ -25,13 +26,17 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 - [NIP-23: Long-form Content](23.md)
 - [NIP-25: Reactions](25.md)
 - [NIP-26: Delegated Event Signing](26.md)
 - [NIP-27: Text Note References](27.md)
 - [NIP-28: Public Chat](28.md)
 - [NIP-33: Parameterized Replaceable Events](33.md)
 - [NIP-36: Sensitive Content](36.md)
 - [NIP-39: External Identities in Profiles](39.md)
 - [NIP-40: Expiration Timestamp](40.md)
 - [NIP-42: Authentication of clients to relays](42.md)
 - [NIP-45: Counting results](45.md)
 - [NIP-46: Nostr Connect](46.md)
 - [NIP-50: Keywords filter](50.md)
 - [NIP-51: Lists](51.md)
 - [NIP-56: Reporting](56.md)
 - [NIP-57: Lightning Zaps](57.md)
 - [NIP-58: Badges](58.md)
@ -40,6 +45,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 - [NIP-78: Application-specific data](78.md)
 ## Event Kinds
 | kind          | description                      | NIP                     |
 | ------------- | -------------------------------- | ----------------------- |
 | 0             | Metadata                         | [1](01.md), [5](05.md)  |
@ -60,9 +66,13 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 | 6969          | Poll                             | [69](69.md)             |
 | 9734          | Zap Request                      | [57](57.md)             |
 | 9735          | Zap                              | [57](57.md)             |
 | 10000         | Mute List                        | [51](51.md)             |
 | 10001         | Pin List                         | [51](51.md)             |
 | 10002         | Relay List Metadata              | [65](65.md)             |
 | 22242         | Client Authentication            | [42](42.md)             |
 | 24133         | Nostr Connect                    | [46](46.md)             |
 | 30000         | Categorized People List          | [51](51.md) |
 | 30001         | Categorized Bookmark List        | [51](51.md) |
 | 30008         | Profile Badges                   | [58](58.md)             |
 | 30009         | Badge Definition                 | [58](58.md)             |
 | 30023         | Long-form Content                | [23](23.md)             |
@ -81,6 +91,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 | REQ   | used to request events and subscribe to new updates | [1](01.md)  |
 | CLOSE | used to stop previous subscriptions                 | [1](01.md)  |
 | AUTH  | used to send authentication events                  | [42](42.md) |
 | COUNT | used to request event counts                        | [45](45.md) |
 ### Relay to Client
 | type   | description                                             | NIP         |
@ -90,6 +101,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 | EOSE   | used to notify clients all stored events have been sent | [15](15.md) |
 | OK     | used to notify clients if an EVENT was successful       | [20](20.md) |
 | AUTH   | used to send authentication challenges                  | [42](42.md) |
 | COUNT  | used to send requested event counts to clients          | [45](45.md)  |
 Please update these lists when proposing NIPs introducing new event kinds.