mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-12-23 00:45:53 -05:00
Add note about identity of Credential not changing
This commit is contained in:
parent
1f8a177425
commit
db1825b6d7
6
104.md
6
104.md
|
@ -86,9 +86,9 @@ Changes to an MLS group are affected by first creating one or more `Proposal` ev
|
|||
|
||||
## MLS Credentials
|
||||
|
||||
A `Credential` in MLS is an assertion of who the user is coupled with a signing key. When constructing `Credentials` for MLS, clients MUST use the `BasicCredential` type and set the `identity` value as the 32-byte hex-encoded public key of the user's Nostr identity key.
|
||||
A `Credential` in MLS is an assertion of who the user is coupled with a signing key. When constructing `Credentials` for MLS, clients MUST use the `BasicCredential` type and set the `identity` value as the 32-byte hex-encoded public key of the user's Nostr identity key. Clients MUST not allow users to change the identity field and MUST validate that all `Proposal` messages do not attempt to change the identity field on any credential in the group.
|
||||
|
||||
A `Credential` also has an associated signing key. The initial signing key for a user is included in the KeyPackage event. The signing key MUST be different from the user's Nostr identity key. This signing key will be rotated over time to provide improved post-compromise security.
|
||||
A `Credential` also has an associated signing key. The initial signing key for a user is included in the KeyPackage event. The signing key MUST be different from the user's Nostr identity key. This signing key SHOULD be rotated over time to provide improved post-compromise security.
|
||||
|
||||
## KeyPackage Event and Signing Keys
|
||||
|
||||
|
@ -98,6 +98,8 @@ KeyPackages SHOULD be used only once. Reuse of KeyPackage Events can lead to rep
|
|||
|
||||
The signing key (the public key included in the KeyPackage Event) is used for signing within the group that adds a new user via the KeyPackage Event. Therefore, clients implementing this NIP MUST ensure that they retain access to the private key material of the signing key for each group they are a member of.
|
||||
|
||||
In addition, the signing key MUST not be the same as the user's Nostr identity key.
|
||||
|
||||
### Example KeyPackage Event
|
||||
|
||||
```json
|
||||
|
|
Loading…
Reference in New Issue
Block a user