justice

Co-authored-by: fiatjaf_ <fiatjaf@gmail.com>

01.md

@@ -29,9 +29,9 @@ The only object type that exists is the `event`, which has the following format
 }
 ```
 
-To obtain the `event.id`, we `sha256` the serialized event. The serialization is done over the UTF-8 JSON-serialized string (with no white space or line breaks between the fields) of the following structure:
+To obtain the `event.id`, we `sha256` the serialized event. The serialization is done over the UTF-8 JSON-serialized string (with no white space or line breaks) of the following structure:
 
-```
+```json
 [
   0,
   <pubkey, as a lowercase hex string>,

07.md

@@ -12,7 +12,7 @@ That object must define the following methods:
 
 ```
 async window.nostr.getPublicKey(): string // returns a public key as hex
-async window.nostr.signEvent(event: { created_at: number, kind: number, tags: string[][], content: string }): Event // takes an event object, adds `id`, `pubkey` and `sig` and returns it
+async window.nostr.signEvent(event: Event): Event // takes an event object, adds `id`, `pubkey` and `sig` and returns it
 ```
 
 Aside from these two basic above, the following functions can also be implemented optionally:
@@ -34,5 +34,3 @@ async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext
 - [TokenPocket](https://www.tokenpocket.pro/) (Android, IOS, Chrome and derivatives)
 - [Nostrmo](https://github.com/haorendashu/nostrmo_faq#download) (Android, IOS)
 - [Spring Browser](https://spring.site) (Android)
-- [nodestr](https://github.com/lightning-digital-entertainment/nodestr) (NodeJS polyfill)
-- [Nostore](https://apps.apple.com/us/app/nostore/id1666553677) (Safari on iOS/MacOS)

15.md

@@ -88,7 +88,7 @@ Fields that are not self-explanatory:
     "images": <[String], array of image URLs, optional>,
     "currency": <String, currency used>,
     "price": <float, cost of product>,
-    "quantity": <int or null, available items>,
+    "quantity": <int, available items>,
     "specs": [
         [<String, spec key>, <String, spec value>]
     ],
@@ -102,7 +102,6 @@ Fields that are not self-explanatory:
 ```
 
 Fields that are not self-explanatory:
- - `quantity` can be null in the case of items with unlimited abailability, like digital items, or services
  - `specs`:
    - an optional array of key pair values. It allows for the Customer UI to present product specifications in a structure mode. It also allows comparison between products
    - eg: `[["operating_system", "Android 12.0"], ["screen_size", "6.4 inches"], ["connector_type", "USB Type C"]]`

41.md

@@ -0,0 +1,90 @@
+# NIP-41
+## Key migration
+`draft` `optional` `author:pablof7z` `author:fiatjaf` `author:nvk`
+
+This NIP introduces a simple, best-effort, not guaranteed, way in which a user can notify their followers that they have migrated to a new public key in case the current one is compromised.
+
+# Basic concepts
+* `kind:1776` whitelists a pubkey.
+* `kind:1777` migrates to a previously whitelisted pubkey.
+* `kind:1776` and `kind:1777` MUST be opentimestamped [NIP-03](https://github.com/nostr-protocol/nips/blob/master/03.md).
+* When a migration event is published, a 60-day period starts in which a user can publish a competing migration event pointing to an earlier `kind:1776` event. After this period, clients SHOULD automatically update the user's follow list to the new pubkey.
+* Relays SHOULD NOT delete `kind:1040` nor `kind:1776` events from their database upon receiving a `kind:5` event.
+
+# Flow
+## Whitelisting a pubkey
+The user's active pubkey (e.g. *pubkey A*) signs an event `kind:1776` whitelisting a pubkey that can be used to migrate an identity to.
+
+This should be done ahead of time, perhaps after a user has used Nostr enough for a few days. Clients can choose to prompt the user to "save a recovery kit" or different UXs when they see the user doesn't currently have a `kind:1776` published.
+
+The implementation can be done directly on regular clients or microapps to handle this type of thing could be implemented as well.
+
+```json
+{
+    "pubkey": "pubkey-A",
+    "kind": 1776,
+    "content": "",
+    "tags": [
+        [ "p", "pubkey-B" ],
+        [ "alt", "pubkey whitelisting event" ]
+    ]
+}
+```
+
+* `.content` SHOULD be ignored. Users might choose to use it to leave a base64 symmetrically-encrypted message of where they left the new key or anything else.
+* The event MUST have a single `p` tag listing the whitelisted pubkey.
+
+Multiple `kind:1776` events can exist. All `kind:1776` MUST be opentimestamped following [NIP-3](https://github.com/nostr-protocol/nips/blob/master/03.md).
+
+Relays SHOULD NOT delete `kind:1040` nor `kind:1776` events upon receiving a `kind:5` event.
+
+## Migrating to a pubkey
+When the user needs to change keys they sign an event `kind:1777` with the new key and creates a NIP-03 attestation.
+
+```json
+{
+    "pubkey": "pubkey-B",
+    "kind": 1777,
+    "content": "I rolled my key using libbitcoin; moving to a new one just in case",
+    "tags": [
+        [ "p", "pubkey-A" ],
+        [ "e", "<kind:1776-event-id>" ],
+        [ "proof", "<kind:1040-event-id>" ],
+        [ "alt", "pubkey migration event" ],
+        [ "relays", "relay1", "relay2" ]
+    ]
+}
+```
+
+* `p` tag MUST list the previous pubkey
+* `e` tag MUST list the `kind:1776` event that whitelisted the new pubkey.
+* `proof` tag MUST list the `kind:1040` event that provides the Opentimestamp data of the `kind:1776` event.
+* `relays` tag SHOULD list relays where both `kind:1776` and `kind:1040` events can be found.
+* `.content` SHOULD be ignored; users can optionally write a message explaining the migration.
+
+## Following the new pubkey
+Upon seeing this event, the client MAY choose to display a warning to the user that the identity is migrating to a new key. The client should not take any automated action at this point since the migration could be an attack, but the user could communicate out of band with the user to confirm the migration.
+
+After 60 days of seeing the `kind:1777` event, the client SHOULD automatically update the user's follow list to the new pubkey after some verifications:
+When users who follow the old pubkey see a `kind:1777` event they SHOULD:
+
+* check `kind:1776` and `kind:1777` event signatures
+* check `kind:1777`'s `pubkey` matches `kind:1776`'s `p` tag
+* check `kind:1777` is more than 60 days old
+* check that no competing 1777 event exists pointing to an event with an older valid OTS proof
+
+After validating all these checks clients SHOULD replace the old pubkey in the user's follow list with the new one.
+
+## Notes
+
+### Rational behind the 60 days delay
+This gives enough time for a user to notice a migration request published by an attacker and gives the user enough time to publish a competing migration request pointing to an earlier `kind:1776` whitelisting event.
+
+### Preventing unpublished evil `kind:1777` attack
+Clients should keep track of when a `kind:1777` event should take into effect, counting at least 60 days from the time of seeing the event and not trusting the event timestamp. This is to prevent an attacker creating an evil `kind:1776`, its attestation, and a `kind:1777` event with its attestation and not publishing them until the 60 days of the attestation have elapsed.
+
+#### Preventing poorly-distributed evil `kind:1777` attack
+Additionally, clients SHOULD broadcast the `kind:1777` events to the relays it normally writes to. This is to prevent an attacker from creating a short-lived NIP-65 relay list where only a subset of users will see an evil `kind:1777` event but not widespread enough for the real owner to notice it.
+
+### Future Work
+Key migration can be done in multiple ways. This is an initial implementation that can work. This mechanism should be extended with other, alternative mechanisms, that can leverage different flows/tradeoffs (e.g. social recovery).

52.md

@@ -40,7 +40,7 @@ The list of tags are as follows:
   "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>,
   "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>,
   "created_at": <Unix timestamp in seconds>,
-  "kind": 31922,
+  "kind": "31922",
   "content": "<description of calendar event>",
   "tags": [
     ["d", "<UUID>"],
@@ -98,7 +98,7 @@ The list of tags are as follows:
   "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>,
   "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>,
   "created_at": <Unix timestamp in seconds>,
-  "kind": 31923,
+  "kind": "31923",
   "content": "<description of calendar event>",
   "tags": [
     ["d", "<UUID>"],
@@ -183,7 +183,7 @@ The list of tags are as follows:
   "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>,
   "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>,
   "created_at": <Unix timestamp in seconds>,
-  "kind": 31925,
+  "kind": "31925",
   "content": "<note>",
   "tags": [
     ["a", "<31922 or 31923>:<calendar event author pubkey>:<d-identifier of calendar event>", "<optional relay url>"],

88.md

@@ -1,79 +0,0 @@
-NIP-88
-======
-
-Recurring Subscriptions
------------------------
-
-`draft` `optional` `author:pablof7z`
-
-This NIP defines a way for a pubkey to create recurring subscription payments to another pubkey.
-
-## Tier Event
-A pubkey can create "tiers". These tiers might provide certain benefits to the supporters who subscribe to these.
-
-```json
-{
-    "kind": 7002,
-    "content": "<description of the tier>",
-    "tags": [
-        [ "title", "..." ],
-        [ "amount", "<amount-in-base-unit>", "currency", "<cadence>" ]
-    ]
-}
-```
-
-This event is generated by a pubkey who wants to allow users to support with different tiers.
-
-`.content` SHOULD be a description of what users who subscribe can expect.
-Tag `title` is an optional title for the tier.
-Tag `amount` MUST specify the payment required for this tier and its cadence.
-    * The first argument should be the stringified amount and the second argument the currency
-    * The third argument SHOULD be one of `daily`, `monthly`, `yearly`
-One or more `amount` tags MUST exist.
-
-#### Examples
-* `[ "amount", "100", "usd", "daily" ]`, $1.00 a day.
-* `[ "amount", "1000000", "btc", "daily" ]`, 1000000 millisats a day.
-
-## Subscribe Event
-
-```json
-{
-    "kind": 7001,
-    "content": "<optional-message>",
-    "tags": [
-        [ "p", "<recipient-pubkey>" ],
-        [ "e", "<supporting-tier-id>" ],
-        [ "amount", "<amount-in-base-unit>", "currency", "<cadence>" ]
-    ]
-}
-```
-
-When a user wants to subscribe to subscribe to support a user they create a `kind:7001` event.
-
-* `.content` is an optional message the supporter can write.
-* The `p` tag MUST tag the pubkey being supported.
-* The `e` tag is optional, and should point to a `kind:7001` support tier event. There MUST be exactly 0 or 1 `e` tags.
-* The `amount` tag specifies what the supporters is committing to pay to the supported pubkey and the candence.
-
-The `kind:7001` event can be created without an `e` tag so that users can create recurring support events without the pubkey receiving the support having explicitly created a support tier.
-
-## Paying
-The supporting user should create a zap p-tagging the receiver and e-tagging the `kind:7001`. There MUST be a single `p` and a single `e` tag in the zap request.
-
-```json
-{
-    "kind": 9734,
-    "content": "",
-    "tags": [
-        [ "p", "<recipient-pubkey>" ],
-        [ "e", "<kind-7001-event-id>" ]
-    ]
-```
-
-Clients supporting this NIP can check for zaps e-tagging the `kind:7001` event to find the pubkeys that have a valid, paid subscriptions at each different period.
-
-The same `kind:7001` is re-zapped on a regular basis per the cadence specified in the event.
-
-## Stopping a subscription
-A user who wants to stop a subscription by publishing a `kind:5` deletion request of the `kind:7001` event.

90.md

@@ -1,171 +0,0 @@
-NIP-90
-======
-
-Data Vending Machine
---------------------
-
-`draft` `optional` `author:pablof7z` `author:dontbelievethehype`
-
-This NIP defines the interaction between customers and Service Providers for performing on-demand computation.
-
-Money in, data out.
-
-## Kinds
-This NIP reserves the range `5000-7000` for data vending machine use.
-
-| Kind | Description |
-| ---- | ----------- |
-| 5000-5999 | Job request kinds |
-| 6000-6999 | Job result |
-| 7000 | Job feedback |
-
-Job results always use a kind number that is `1000` higher than the job request kind. (e.g. request: `kind:5001` gets a result: `kind:6001`).
-
-Job request types are defined [separately](https://github.com/nostr-protocol/data-vending-machines/tree/master/kinds).
-
-## Rationale
-Nostr can act as a marketplace for data processing, where users request jobs to be processed in certain ways (e.g., "speech-to-text", "summarization", etc.), but they don't necessarily care about "who" processes the data.
-
-This NIP is not to be confused with a 1:1 marketplace; instead, it describes a flow where a user announces a desired output, willingness to pay, and service providers compete to fulfill the job requirement in the best way possible.
-
-### Actors
-There are two actors in the workflow described in this NIP:
-* Customers (npubs who request a job)
-* Service providers (npubs who fulfill jobs)
-
-## Job request (`kind:5000-5999`)
-A request to process data, published by a customer. This event signals that an customer is interested in receiving the result of some kind of compute.
-
-```json
-{
-    "kind": 5xxx, // kind in 5000-5999 range
-    "content": "",
-    "tags": [
-        [ "i", "<data>", "<input-type>", "<relay>", "<marker>" ],
-        [ "output", "<mime-type>" ],
-        [ "relays", "wss://..." ],
-        [ "bid", "<msat-amount>" ],
-        [ "t", "bitcoin" ]
-    ]
-}
-```
-
-All tags are optional.
-
-* `i` tag: Input data for the job (zero or more inputs)
-    * `<data>`: The argument for the input
-    * `<input-type>`: The way this argument should be interpreted. MUST be one of:
-        * `url`: A URL to be fetched of the data that should be processed.
-        * `event`: A Nostr event ID.
-        * `job`: The output of a previous job with the specified event ID. The dermination of which output to build upon is up to the service provider to decide (e.g. waiting for a signaling from the customer, waiting for a payment, etc.)
-        * `text`: `<data>` is the value of the input, no resolution is needed
-    * `<relay>`: If `event` or `job` input-type, the relay where the event/job was published, otherwise optional or empty string
-    * `<marker>`: An optional field indicating how this input should be used within the context of the job
-* `output`: Expected output format. Different job request `kind` defines this more precisely.
-* `param`: Optional parameters for the job as key (first argument)/value (second argument). Different job request `kind` defines this more precisely. (e.g. `[ "param", "lang", "es" ]`)
-* `bid`: Customer MAY specify a maximum amount (in millisats) they are willing to pay
-* `relays`: List of relays where Service Providers SHOULD publish responses to
-* `p`: Service Providers the customer is interested in. Other SPs MIGHT still choose to process the job
-
-## Job result (`kind:6000-6999`)
-
-Service providers publish job results, providing the output of the job result. They should tag the original job request event id as well as the customer's pubkey.
-
-```json
-{
-    "pubkey": "<service-provider pubkey>",
-    "content": "<payload>",
-    "kind": 6xxx,
-    "tags": [
-        [ "request", "<job-request>" ],
-        [ "e", "<job-request-id>", "<relay-hint>" ],
-        [ "i", "<input-data>" ],
-        [ "p", "<customer's-pubkey>" ],
-        [ "amount", "requested-payment-amount", "<optional-bolt11>" ]
-    ]
-}
-```
-
-* `request`: The job request event stringified-JSON.
-* `amount`: millisats that the Service Provider is requesting to be paid. An optional third value can be a bolt11 invoice.
-* `i`: The original input(s) specified in the request.
-
-## Job feedback
-Service providers can give feedback about a job back to the customer.
-
-```json
-{
-    "kind": 7000,
-    "content": "<empty-or-payload>",
-    "tags": [
-        [ "status", "<status>", "<extra-info>" ],
-        [ "amount", "requested-payment-amount", "<bolt11>" ],
-        [ "e", "<job-request-id>", "<relay-hint>" ],
-        [ "p", "<customer's-pubkey>" ],
-    ]
-}
-```
-
-* `content`: Either empty or a job-result (e.g. for partial-result samples)
-* `amount` tag: as defined in the [Job Result](#job-result) section.
-* `status` tag: Service Providers SHOULD indicate what this feedback status refers to. [Appendix 1](#appendix-1-job-feedback-status) defines status. Extra human-readable information can be added as an extra argument.
-
-### Job feedback status
-
-| status | description |
-|--------|-------------|
-| `payment-required` | Service Provider requires payment before continuing. |
-| `processing` | Service Provider is processing the job. |
-| `error` | Service Provider was unable to process the job. |
-| `success` | Service Provider successfully processed the job. |
-| `partial` | Service Provider partially processed the job. The `.content` might include a sample of the partial results. |
-
-Any job feedback event MIGHT include results in the `.content` field, as described in the [Job Result](#job-result) section. This is useful for service providers to provide a sample of the results that have been processed so far.
-
-
-# Protocol Flow
-* Customer publishes a job request (e.g. `kind:5000` speech-to-text).
-* Service Providers MAY submit `kind:7000` job-feedback events (e.g. `payment-required`, `processing`, `error`, etc.).
-* Upon completion, the service provider publishes the result of the job with a `kind:6000` job-result event.
-* At any point, if there is an `amount` pending to be paid as instructed by the service provider, the user can pay the included `bolt11` or zap the job result event the service provider has sent to the user
-
-Job feedback (`kind:7000`) and Job Results (`kind:6000-6999`) events MAY include an `amount` tag, this can be interpreted as a suggestion to pay. Service Providers MUST use the `payment-required` feedback event to signal that a payment is required and no further actions will be performed until the payment is sent.
-
-Customers can always either pay the included `bolt11` invoice or zap the event requesting the payment and service providers should monitor for both if they choose to include a bolt11 invoice.
-
-## Notes about the protocol flow
-The flow is deliberately ambiguous, allowing vast flexibility for the interaction between customers and service providers so that service providers can model their behavior based on their own decisions/perceptions of risk.
-
-Some service providers might choose to submit a `payment-required` as the first reaction before sending a `processing` or before delivering results, some might choose to serve partial results for the job (e.g. a sample), send a `payment-required` to deliver the rest of the results, and some service providers might choose to assess likelihood of payment based on an npub's past behavior and thus serve the job results before requesting payment for the best possible UX.
-
-It's not up to this NIP to define how individual vending machines should choose to run their business.
-
-# Cancellation
-A job request might be cancelled by publishing a `kind:5` delete request event tagging the job request event.
-
-# Appendix 1: Job chaining
-A Customer MAY request multiple jobs to be processed as a chain, where the output of a job is the input of another job. (e.g. podcast transcription -> summarization of the transcription). This is done by specifying as input an event id of a different job with the `job` type.
-
-Service Providers MAY begin processing a subsequent job the moment they see the prior job's result, but they will likely wait for a zap to be published first. This introduces a risk that Service Provider of job #1 might delay publishing the zap event in order to have an advantage. This risk is up to Service Providers to mitigate or to decide whether the service provider of job #1 tends to have good-enough results so as to not wait for an explicit zap to assume the job was accepted.
-
-This gives a higher level of flexibility to service providers (which sophisticated service providers would take anyway).
-
-# Appendix 2: Service provider discoverability
-Service Providers MAY use NIP-89 announcements to advertise their support for job kinds:
-
-```json
-{
-    "kind": 31990,
-    "pubkey": "<pubkey>",
-    "content": "{
-        \"name\": \"Translating DVM\",
-        \"about\": \"I'm a DVM specialized in translating Bitcoin content.\"
-    }",
-    "tags": [
-        [ "k", "5005" ], // e.g. translation
-        [ "t", "bitcoin" ] // e.g. optionally advertises it specializes in bitcoin audio transcription that won't confuse "Drivechains" with "Ridechains"
-    ]
-}
-```
-
-Customers can use NIP-89 to see what service providers their follows use.

README.md

@@ -50,6 +50,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos
 - [NIP-38: User Statuses](38.md)
 - [NIP-39: External Identities in Profiles](39.md)
 - [NIP-40: Expiration Timestamp](40.md)
+- [NIP-41: Key migration](41.md)
 - [NIP-42: Authentication of clients to relays](42.md)
 - [NIP-45: Counting results](45.md)
 - [NIP-46: Nostr Connect](46.md)
@@ -67,7 +68,6 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos
 - [NIP-75: Zap Goals](75.md)
 - [NIP-78: Application-specific data](78.md)
 - [NIP-89: Recommended Application Handlers](89.md)
-- [NIP-90: Data Vending Machines](90.md)
 - [NIP-94: File Metadata](94.md)
 - [NIP-98: HTTP Auth](98.md)
 - [NIP-99: Classified Listings](99.md)
@@ -94,12 +94,11 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos
 | `1063`  | File Metadata              | [94](94.md) |
 | `1311`  | Live Chat Message          | [53](53.md) |
 | `1040`  | OpenTimestamps             | [03](03.md) |
+| `1776`  | Key Migration Whitelist    | [41](41.md) |
+| `1777`  | Key Migration              | [41](41.md) |
 | `1984`  | Reporting                  | [56](56.md) |
 | `1985`  | Label                      | [32](32.md) |
 | `4550`  | Community Post Approval    | [72](72.md) |
-| `7000`  | Job Feedback               | [90](90.md) |
-| `7001`  | Recurring Subscription     | [88](88.md) |
-| `7002`  | Recurring Subscription Tier| [88](88.md) |
 | `9041`  | Zap Goal                   | [75](75.md) |
 | `9734`  | Zap Request                | [57](57.md) |
 | `9735`  | Zap                        | [57](57.md) |
@@ -133,6 +132,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos
 | `31990` | Handler information        | [89](89.md) |
 | `34550` | Community Definition       | [72](72.md) |
 
+
 ## Message types
 
 ### Client to Relay