Replies (45)
WHO WILL RUN THE MINTS???
View quoted note →> users with registered accounts
What is an account here? It's not an npub, right?
Can be anything that supports OpenID Connect, so nostr auth could work too (if someone would build it).
How does one become a “registered user”?
Kyc AML mints coming soon™️
LFG
We could use nostr as a OIDC provider?
Yessssss please
👀👀
Most definitely, but your ecash txs within that mint are still private. I'm not sure if there's much/any privacy when making LN payments in and out of the mint.
OpenID Connect
Sounds like it’d work nice with nostr
Interesting
Hello, i want to make a translation for cashu.me wallet where i can do this ?
What's JWT and JWS?
should probably be defined in the nut
Java Web Tokens? 🤮
lfg
There is Authentication and there is authorization. Does this scheme limit access to some "class" of users without knowing their identities? If it does, how do you gain access without the openid provider knowing their identity?
James Web Telescope? 👀
I don't think this does what you want it to do, or am I missing something?
Malory creates CAT.
Malory presents CAT and mints BATs.
Malory sends BAT to Eve.
Eve presents BAT in her request for protected endpoint.
Malory and Eve cannot rely on the mint to enforce double spending protections, but they can still copy and paste the BAT.
As I understood openid, there needs to be a call back from the open id service to the application - the mint in our case. We should look into how much of a leak this is. Also, please correct me if I am wrong about the call back from open id service provider to the application.
Remember all the people who reposted or liked this note because they are clowns who support KYC and censorship.
We should explore decentralised identity here instead.
Decentralized Identifiers (DIDs) v1.0
Decentralized identifiers (DIDs) are a new type of identifier that
enables verifiable, decentralized digital identity. A DID refers to any
subject ...
OpenID providers are centralised ID providers who devour any data we send to them. Let's try to avoid doing that.
Unless, again, I am missing something.
Feel free to open a PR
Yes I'm well aware of that and that there's likely no way to prevent that so we made it a feature: Eve can receive a token from Mallory's mint if it includes a BAT, which she can use to melt the token.
Pretty much the same as before. Mint can't rug individually, doesn't know your balance, can't stop transactions etc. Any mint can shotgun KYC its users though.
Just to clarify what I meant: you can definitely help by coding up what you mean. We discussed DIDs a long time ago but nobody has stepped up.and done the work.
We don't bikeshed hypotheticals and we don't merge specs that aren't implemented in code.
we can log in with a lightning wallet, can we do that here too?
OpenID Connect works with any conceivable login method
Why not something like a ring signature or equivalent ZK proof?
A ring signature would be easily censorable
Also, it's not a problem that. BATs can be transferred. Just do it, we encourage doing it.
(BATs also have a bigger anon set)
What stops a mint from stealing all the funds?
What are the benefits to restrict usage of the mint? Maybe an example, because I don't see who benefits. Thanks! 👍
you need to use a real blockchain for that. they're down the hall and to the left.
Corporations and governments will benefit from it.
Nice KYC'ed privacy with ecash? I'm confused
Imagine this:
- you want to provide LN/ecash services to your family and friends
-you don't want to know who is doing what payments, to offer them better privacy
- You end up running an ecash mint
- you don't want any rando to be able to use/abuse your mint
- you need auth (preferably blinded)
Also know this:
- It's an optional spec
- No one is forced to add auth to their mint
- you are not forced to use a mint that implements auth
Auth has a lot of drawbacks for ecash mints, but in some cases it is an absolute requirement
If governments and corps will use ecash, i will be thrilled. It's better than the other shit they are trying to force on us anyway.
It won't affect me much, since I will try to avoid their stuff as much as I can, but at least it would be an improvement for the fiat pleb
Corporations (custodians) will use it to get more users and it's an attack on self custody. A disrespect for the developers trying to improve self custody.
Governments will use it to target other mints that do not comply.
Even if optional, providing a tool built in the protocol shows the intent. It is possible for a pool initiator in to add such requirements for others who join the pool but they won't be part of joinstr protocol as it's not defined in the protocol.
This also makes it easier to censor users and collect information that affects their privacy.
imagine signal but for your bank account
@gandlaf21 like signal but for your bank account
But in order to get there we need a PPLNS pool with enough hashrate to regularly produce blocks. Right now
@npub1qtvl...7dze is the only game in town. DEMAND pool is ramping up. Can't wait for those guys to launch!
It will be a tougher sell to get an existing large pool on board but I am hopeful that we can talk some sense into them. If we can get Foundry to offer PPLNS services it's game over for Antpool.
I expect a KYC PPLNS system will be essential to get a large public mining pool on board. Great news! The cashu community is already building this capability. I think we're winning. 😎🤙
The spec is now open for discussion: 
