tptacek 5 days ago

I don't think you can say "this is complete nonsense" and "this has since been fixed" in the same comment. Also: don't use ECC signatures as MACs. Signatures are not MACs.

nbngeorcjhe 5 days ago

> Also: don't use ECC signatures as MACs. Signatures are not MACs.

Could you explain more? What are the downsides of a signature vs. a MAC here?

nout 5 days ago

He says "this is complete nonsense" specifically about the statement quoted. Not about the whole report.

tptacek 5 days ago

They're saying that about a concrete claim the paper makes that they concede in the next paragraph.

nout 5 days ago

I don't want to speak for Will, but from my read he is specifically highlighting that "The event protocol that drives the system doesn't authenticate public keys" is the nonsense, because the protocol specifies that clients validate signatures on events using the public keys.

This makes sense in nostr, because anyone at any point can mint a new public key and start posting events and other people are free to start following them, from which point they can ensure that the new events are coming from the person holding the same private key. And this is what relays and clients do.