pull down to refresh
Re:But if the client uses cache-after-verify
Cache what? That any message from a pubkey no longer needs to be verified? What's this feature?
It's a vulnerable performance optimization. See Q4 in FAQ above:
When caching events, first verify them successfully and re-compute theidfrom the event payload each time you load it; do not rely solely on a relay-supplied or previously cachedid. Vulnerable clients followed the “cache-after-verify” rule but still failed integrity checks because they cached only the id and skipped this re-computation step.
reply
I think the main cause of this is the hash being included in the message. That's the design error that puts bad ideas into people's heads.
I guess they kind of address it but probably the best thing would be to delete it from the message altogether.
reply
Based on my understanding of NIP-59, the correct approach for unwrap, unseal, render would be:
sigon the kind1059(and theptag), if no match against the givenpubkeythen discard because it's spoofed.contentof the kind1059, this results in a json string of a kind13and not an url.pubkeyto be a known sender and then thesigon the decrypted kind13message to match that key, if no match then then discard [1] - you now have authenticated the entire message includingpubkeyandcontentto be from a known contact.n(often kind14) from the previously decrypted kind13, which isn't signed, but that's ok because we've authenticated the seal.Relevant: Moxie's cryptographic doom principle
PS: Always turn off link previews if you can, and if you can't just realize you don't have any privacy.
Re:
Cache what? That any message from a pubkey no longer needs to be verified? What's this feature?
And notify your contact and everyone that wants to listen because this is a spoofing attack! Be the Karen! ↩