Replies (24)

ManiMe's avatar
ManiMe manime@npub.bar 2 years ago
Timed deletion (post expiration) as an option for the group would give affordance for some level of β€œpost compromise” security, yes? #skipthemoon
1 replies ↓
ManiMe's avatar
ManiMe manime@npub.bar 2 years ago
I’m so on #teamhodlbod !! But I do see a major UX challenge ahead in handling key rotations. Asking all members to (I’m not even sure…) confirm some dialogue every time a key is rotated? That’s not gonna work. Do I have this right? Any thoughts?
1 replies ↓
cloud fodder and 121 others's avatar
cloud fodder and 121 others cloudfodder@rogue.earth 2 years ago
well, if you want to support deleting, the best i've come up with is a specially crafted 1984 with the event id only, when the relay sees this from a moderator, it just deletes.. im a fan of deleting, not all info should last forever. if you want that, break out the papyrus 🀌
ManiMe's avatar
ManiMe manime@npub.bar 2 years ago
But this looks to need acknowledgment from the user of accepting the new key? That’s gonna be problematic… if rotating keys is an essential (possibly daily or more) aspect of group management. Is this right?
2 replies ↓
Niel Liesmons's avatar
Niel Liesmons 2 years ago
This is exciting! Love seeing the other tabs (calendar, market, ...) in there. Also, group members can make certain post public and others private within the same group? πŸ€”
1 replies ↓
α΄›Κœα΄‡ α΄…α΄‡α΄€α΄›Κœ ᴏꜰ α΄ΚŸα΄‡α΄‹α΄œ's avatar
α΄›Κœα΄‡ α΄…α΄‡α΄€α΄›Κœ ᴏꜰ α΄ΚŸα΄‡α΄‹α΄œ me@mleku.dev 2 years ago
Are you using the simple mechanism that I used with Indra - the messages include a return address, in this case a pubkey to use in a reply? It just seems so obvious to do this, and clients and relays store all the messages, it's really a client side thing to implement. The state is on the relay this way, no need to complicate the client, it just looks for the events tied to the pubkey, finds messages, decrypts them, finds other keys to use to find DMs, requests them, etc. I don't see the exact reason for the need of any other complications other than anonymization, which I think is best kept out of the protocol, because anonymous relaying is very easy to abuse (see recent Tor hidden service spam problem). With a scheme like this, only the relays are privileged to know who is asking for what pubkeys. This is the thing that Tor defends against (or other proxy/VPN). It does not expose chains of messages to casual inspection by querying for DMs for a pubkey. It would also be quite simple to have relays require auth on the pubkey to fetch DMs, also. I don't follow your work that closely but I always appreciate it and use your client religiously. Nobody else makes it as well, although there's a few abandoned pieces in the interface you maybe should remove until they get actual use (soviet memes are dead lol).
1 replies ↓
hodlbod's avatar
hodlbod hodlbod@coracle.social 2 years ago
I'm not quite sure what you're describing here, the summary is that I use the inbox model to send shared keys to members. Those invites have relay hints to help them find the group. Everything is wrapped using the nip 59 draft. You can read the spec here:
GitHub
Add closed communities by staab Β· Pull Request #875 Β· nostr-protocol/nips
This is an attempt at superseding #706 and incorporating existing NIPs for community definitions and member lists. The design is worse in many ways...
 Thanks for liking coracle! The new release removes several old features which I hope to revisit later.
1 replies ↓
hodlbod's avatar
hodlbod hodlbod@coracle.social 2 years ago
In theory, currently I don't have a affordance for that. I think it's most useful for group admins, e.g. a discussion post for a publicly released podcast episode vs for a member q&a.
↑