Open spcxta opened 1 year ago
Yes.
This could be solved by putting the authorized nostrPubkey (signed by R) inside the zap note or zap request
This could be solved by putting the authorized nostrPubkey (signed by R) inside the zap note or zap request
As I suggested in #224, it would be better for each user to have the option to put multiple zap provider URLs along with their pubkeys inside their metadata event.
My 2 sats on this issue:
in order to retain previously received zaps, maybe one could define a new event type for explicitly authorizing old zaps via
e
tags and/or oldnostrPubkey
s viap
tags, in the 10000-19999 (replaceable) or 30000-39999 (parameterized replaceable) range.
The idea being that for easy migration you just add the nostrPubkey
, but if you no longer trust that key, there's the option to authorize old zaps individually.
Given:
So if nostrPubkey for R is changed for any reason (switching “provider”, zapper key rotation, …), old zaps can’t be authorized and won’t be displayed in clients anymore?