It is clearly said to be private keys and was pushed as such.
I did not say NIP-44 did not resolve ANY significant problems, but it glossed over much more critical ones. All of the attacks that are possible on NIP-04 are unrealistic in reality, but the attack that an application can ask to decrypt lists and then siphon off all your DMs is very real.
NIP-04 was poorly designed, but saying that I am acting malicious for showing you that:
- part of the push for it was based on lies
- that the risks were falsely marketed
- that the paper's attacks on NIP-04 assume major flaws in implementation (no signature checking)
is bullshit.
I did not say NIP-44 did not resolve ANY significant problems, but it glossed over much more critical ones. All of the attacks that are possible on NIP-04 are unrealistic in reality, but the attack that an application can ask to decrypt lists and then siphon off all your DMs is very real.
NIP-04 was poorly designed, but saying that I am acting malicious for showing you that:
- part of the push for it was based on lies
- that the risks were falsely marketed
- that the paper's attacks on NIP-04 assume major flaws in implementation (no signature checking)
is bullshit.