It’s still a quivering mass of code. I need to spec it out more formally. It’s more of a scheme than a protocol. I need to add in the extra step for the PQC KEM, but you can get the gist here https://github.com/trbouma/safebox/blob/dev-quantum/docs/NAUTH-PROTOCOL.md

A key point here is that the #nauth protocol uses https/TLS as a publicly available road - not as the secure delivery vehicle as does #OAuth. This is basically a state/agent-resistant protocol. Using relays as the secure transmittal backbone, it can punch through, route around anything.

#Snowshoestr

Every safebox instance has its own private key. You can associate it with an owner pubkey (or not) . You can have as many safeboxes as you wish - they are all first class citizens on the nostr network.

Asymmetric cryptography > Asymmetric capture

👀

I prefer the notion of sole-control over self-custody. Self-custody still sounds like a service model. It sounds like a feature inside someone else’s system. Sole-control is clearer and more honest: one key, one authority, one locus of action. No intermediaries implied. No silent guardians. Just the reality that control either rests with you, or it doesn’t.

Yes!

Yeah, it's bad. Top marks for for keeping his composure. As a guest, it's not good form to attack your host for asking a question, regardless of whatever you think the motivation might be. I got the sense that there is blood in the water.

A simple block diagram on how two instances of #nostr #safebox instances dynamically interact with one another. I have successfully de-coupled the interaction so that each user interacts with their https server only and all interactions are marshalled through relays. For example the QR that is scanned contains only the #nauth information required to create the channel - the npub, the relays to listen on etc. What is really cool is that I can have a #nostr #safebox running as localhost, behind a firewall, and it can communicate seamlessly with any other nostr safebox on the planet, automatically. Throw in WebSockets, I have full-duplex dynamic interaction channels intermediated via relays. For fun, I might add in real-time chat (but not to replace ) Plus the added bonus - I decided to bite the bullet on integrating post-quantum algorithms, so no PQC-FUD. The next major lift is integrating Blossom blob support. I have mapped out the approach and plan to add the same PQC-resistant scheme for encrypting the blobs. Onward!

The #nstrprise

Note to self: Add this term to the ever-expanding bad #nostr neologisms: —- nstrprise (n): An organizational entity that uses the Nostr protocol as the basis for its digital capabilities.