nostr/nips
1
0
Fork 0
mirror of https://github.com/nostr-protocol/nips.git synced 2024-09-19 14:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add note about identity of Credential not changing

Browse Source
This commit is contained in:
Jeff Gardner 2024-08-27 18:01:24 +02:00
parent 1f8a177425
commit db1825b6d7
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
104.md
View File

@ -86,9 +86,9 @@ Changes to an MLS group are affected by first creating one or more `Proposal` ev
## MLS Credentials
A `Credential` in MLS is an assertion of who the user is coupled with a signing key. When constructing `Credentials` for MLS, clients MUST use the `BasicCredential` type and set the `identity` value as the 32-byte hex-encoded public key of the user's Nostr identity key.
A `Credential` in MLS is an assertion of who the user is coupled with a signing key. When constructing `Credentials` for MLS, clients MUST use the `BasicCredential` type and set the `identity` value as the 32-byte hex-encoded public key of the user's Nostr identity key. Clients MUST not allow users to change the identity field and MUST validate that all `Proposal` messages do not attempt to change the identity field on any credential in the group.
A `Credential` also has an associated signing key. The initial signing key for a user is included in the KeyPackage event. The signing key MUST be different from the user's Nostr identity key. This signing key will be rotated over time to provide improved post-compromise security.
A `Credential` also has an associated signing key. The initial signing key for a user is included in the KeyPackage event. The signing key MUST be different from the user's Nostr identity key. This signing key SHOULD be rotated over time to provide improved post-compromise security.
## KeyPackage Event and Signing Keys
@ -98,6 +98,8 @@ KeyPackages SHOULD be used only once. Reuse of KeyPackage Events can lead to rep
The signing key (the public key included in the KeyPackage Event) is used for signing within the group that adds a new user via the KeyPackage Event. Therefore, clients implementing this NIP MUST ensure that they retain access to the private key material of the signing key for each group they are a member of.
In addition, the signing key MUST not be the same as the user's Nostr identity key.
### Example KeyPackage Event
```json