I'd be uneasy about a supposed "shared secret" being put in a public `p` tag.
Indeed, AIUI, using a silent inbox as presented here completely breaks the security of any past and future regular NIP-04 DMs between the same parties, because the same "shared secret" used for encryption in regular NIP-04 DMs is being used publicly in the silent inbox. An attacker doing trial and error decryption of NIP-04 DMs would be able to decrypt all regular DMs between the two, as well as deanonymize the silent inbox.
shafemtol /
npub1mh…anahj
2023-06-04 17:02:31
in reply to nevent1q…x3u6
Author Public Key
npub1mh94j7j7nwvzl7kwcg70fhxe67kdy50fccakmueq9jjf77zmc25svanahjPublished at
2023-06-04 17:02:31Event JSON
{
"id": "7d58321232e0a4b0199052cc5168e7ae8de778796923613cebea803f2e535ca2",
"pubkey": "ddcb597a5e9b982ffacec23cf4dcd9d7acd251e9c63b6df3202ca49f785bc2a9",
"created_at": 1685898151,
"kind": 1,
"tags": [
[
"e",
"c28b5d3225ea99f426538aabecde635ca07bbc51928c4ba8431a53156a53a334",
"",
"root"
],
[
"p",
"50d94fc2d8580c682b071a542f8b1e31a200b0508bab95a33bef0855df281d63"
]
],
"content": "I'd be uneasy about a supposed \"shared secret\" being put in a public `p` tag.\n\nIndeed, AIUI, using a silent inbox as presented here completely breaks the security of any past and future regular NIP-04 DMs between the same parties, because the same \"shared secret\" used for encryption in regular NIP-04 DMs is being used publicly in the silent inbox. An attacker doing trial and error decryption of NIP-04 DMs would be able to decrypt all regular DMs between the two, as well as deanonymize the silent inbox.",
"sig": "9f47602f5093889013cc8ea1b17cfcf8900d870009b3f6a3f268b52f4864ac872734214a555a127319b49934e6f67d3a075de7bbe9fe974c0360999bc9e89320"
}