So, what you are saying is that we should dismiss the work and give credit to lousy, outdated schemes that we know are a risk just because nip44 didn't solve a problem that is not even theirs to solve?
I think you are being malicious. You are clearly mixing responsibilities between distinct security layers to muddle the waters, confuse everyone and make a point based on a grudge you had with the developer. It's just sad.
Replies (2)
Can you please show me which sentence is saying that we should dismiss NIP-44 and stick with NIP-04? Or that I have any reason to have something against Paul?
NIP-44 was pushed on false premises.
NIP-04 is not great.
But the risks of it are not as much as an immediate threat as there being no way to control encryption access, and intent confusion where the same encrypted blobs could be reused in different places with different meanings.
This could have been addressed by the spec via inclusion of AD.
Just read this entire conversation. You keep suggesting that nip44 did nip04 dirty even though it is clearly better. I have never seen you advocating *cleanly* for NIP-44. You always write as if you wanted NIP-04 back, which will never happen. I don't know why you do this, but you do. It's very clear. I think you like to have grudges and those trump any rational analysis on the debate.
