mleku on Nostr: this is why kind 4 DMs are not as insecure as you might think revealing the contents ...
this is why kind 4 DMs are not as insecure as you might think
revealing the contents requires revealing your key, because the signature is not on the plaintext, it's on the encrypted text, so you decrypt it, you lose the authenticity, and thus, your credibility
it's hearsay
if you complicate things with further schemes like double ratchet, compromising one message is easy enough, but the other side has to see all the shit as well so they can compromise every message they receive
WITHOUT REVEALING THEIR SECRET KEY
so, actually, it's arguable what is better, if the threat model is betrayal
quoting nevent1q…2ka6PSA
actually proving someone told you something in a kind 4 DM requires you to make your nsec public
screenshots don't count