Closed callebtc closed 8 months ago
I wonder if the protocol should be specific about the secret. For example dictate that secret SHOULD be either a random 32-byte hex-string or serialised JSON according to NUT-10, in order to avoid fingerprinting.
ACK 9799455, happy with this change or the stronger wording or SHOULD suggested by @Egge21M. However, I think it's better not to reference optional nuts like 10 in mandatory ones.
NUT-00: Short clarification that Proof.secret is a UTF-8 string. The recommendation to use a hex string can be confusing since it may suggest that the byte data is signed (whereas we actually sign the string).
NUT-11: Clarify that Proof.secret is signed as a string whereas output.B_ is signed as bytes.
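
An added example (not part of the PR or the NUT text) showing why the string-versus-bytes distinction matters for interoperability: a hex-looking secret yields a different signed message depending on whether it is treated as a UTF-8 string or hex-decoded first. All function names and sample values are constructed for illustration, and SHA-256 is an assumption standing in for whatever digest step the signature scheme applies.

```python
import hashlib
import json

# Constructed sample values, not taken from any real token.
HEX_SECRET = "ab" * 32                      # 64 hex characters, i.e. "32-byte hex string"
NUT10_STYLE_SECRET = json.dumps(            # serialised JSON secret (structure is illustrative)
    ["P2PK", {"nonce": "00" * 16, "data": "02" + "11" * 32}]
)
SAMPLE_B_ = "02" + "cd" * 32                # placeholder for a hex-encoded 33-byte point


def secret_message(secret: str) -> bytes:
    """Proof.secret is signed as a string: the message is its UTF-8 encoding."""
    return secret.encode("utf-8")


def b_message(b_hex: str) -> bytes:
    """output.B_ is signed as bytes: the message is the hex-decoded value."""
    return bytes.fromhex(b_hex)


def misread_secret_message(secret: str):
    """The misreading the PR warns about: hex-decoding the secret before signing.

    Returns None when the secret is not hex at all (e.g. a JSON secret),
    which shows the misreading cannot even be applied consistently.
    """
    try:
        return bytes.fromhex(secret)
    except ValueError:
        return None


def digest(message: bytes) -> str:
    # Assumption: SHA-256 stands in for the scheme's message digest.
    return hashlib.sha256(message).hexdigest()


def interpretations_agree(secret: str) -> bool:
    """True only if both readings of the secret would produce the same digest."""
    misread = misread_secret_message(secret)
    return misread is not None and digest(misread) == digest(secret_message(secret))


if __name__ == "__main__":
    for s in (HEX_SECRET, NUT10_STYLE_SECRET):
        print(len(secret_message(s)), misread_secret_message(s) is not None,
              interpretations_agree(s))
    print(len(b_message(SAMPLE_B_)))
```

A wallet and a mint that disagree on the reading compute different messages for the same proof, so a signature made under one reading fails verification under the other.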