diff --git a/xx.md b/xx.md new file mode 100644 index 00000000..299d755a --- /dev/null +++ b/xx.md @@ -0,0 +1,70 @@ +NIP-X +===== + +Secure Profiles +------ + +`draft` `optional` + +This NIP defines a protocol to secure user profile metadata (`kind 0`) with attestations of tags, keys and values. Users can verify other users' profile metadata with a public or private attestations. + +This has several advantages: +* Protection of the impersonation of user profiles. It's possible to verify a user profile without following them. +* An ability to verify different values of the metadata as a user or through a user's web-of-trust. This could be useful for various spam mitigation and filtering techniques. +* Post-compromise security of a profile. The verified NIP-05 nostr address and other values can remain original. This could expand to have additional pubkeys for a profile to help determine honesty. +* Ability to expand into a naming system for (.onion addresses, nostr addresses and etc). +* Granularity, not all metadata is verified, any tag or key/value can be verified and duplicated in the attestation. + +## User Metadata Attestation Event + +This is a parameterized replaceable event with kind `30050`. This is an attestation for another user's metadata (`kind 0`). This will help a user record what public key is associated with what `display_name`, `nip05`, `website` and other metadata. The attestation can be _public_ or _private_. + +Public: +```js +{ + "kind": 30050, + "pubkey": "", + "tags": [ + ["d", ""], + ["p", ""], + ["p", ""], + ["attestation", JSONStringify({ + "pubkey": "" + "tags": [], + "content": { + "": "", + "": "" + } + })] + ], + "content": "" +} +``` + +Private: +```js + "kind": 30050, + "pubkey": "", + "tags": [ + ["d", ""], + ["attestation", JSONStringify({ + "pubkey": "" + "tags": [], + "content": { + "": "", + "": "" + } + })] + ])) +``` + +* For a _public_ attestation: + * The `d` tag and a `p` tag MUST include a public key for the attested to metadata. + * Another `p` tag SHOULD be included if there was a predecessor public key. This helps to inform other users of a link between the predecessor public and a successor public key. + * The `attestations` tag MUST include JSON serialized copy of the attested to event pubkey, tags and content of the `kind 0` event. It is a partial copy of the `kind 0` event. +* For a _private_ attestation: + * The `d` tag MUST be an encrypted and hashed version of the public key (hex encoding of a sha256 hash of an encrypted, with NIP-44, of the public key). + * The `p`, `metadata` and `attestations` tags, as the same as the public attestation, MUST be JSON serialized and NIP-44 encrypted in the content field.