it's just another bit of distinctiveness that "namespaces" the cryptography
one bit of difference makes a brute force attack a lot harder, several bits, even harderer
this is also why it is a good thing that nostr events sign including the pubkey, because this means that produced signatures are in their own subset of the finite field of possible signatures
in my "expiration variant" of NIP-98 (which i'm not real keen on presenting to the nip retards, i mean guardians) i allow for the URL being a prefix match, so you can enable access to a domain with an authentication event
so, that is relevant also, since this allows you to control the places where it's a valid event, as well as when (by enabling an expiry).
JWT has a more complex system including a "not before" field also, and i can see uses for that but not very many, the nostr event itself contains a lot of bits of data that are distinctive enough that it's probably sufficient as it is with NIP-98
mleku
npub1fj…mleku
2025-04-07 11:13:52
in reply to nevent1q…75fl
Author Public Key
npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmlekuPublished at
2025-04-07 11:13:52Event JSON
{
"id": "2270f70e5dc4f26bc6f2378d7ae5cc2caaf5ba6353c454e4fe85a19d9d4c9171",
"pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
"created_at": 1744024432,
"kind": 1,
"tags": [
[
"e",
"81479b7737cfe6a8bc468c0334c43f915c5cd4554066d2611432e33a3cf66c9e",
"wss://theforest.nostr1.com/",
"root",
"f683e87035f7ad4f44e0b98cfbd9537e16455a92cd38cefc4cb31db7557f5ef2"
],
[
"p",
"f683e87035f7ad4f44e0b98cfbd9537e16455a92cd38cefc4cb31db7557f5ef2"
],
[
"client",
"jumble"
]
],
"content": "it's just another bit of distinctiveness that \"namespaces\" the cryptography\n\none bit of difference makes a brute force attack a lot harder, several bits, even harderer\n\nthis is also why it is a good thing that nostr events sign including the pubkey, because this means that produced signatures are in their own subset of the finite field of possible signatures\n\nin my \"expiration variant\" of NIP-98 (which i'm not real keen on presenting to the nip retards, i mean guardians) i allow for the URL being a prefix match, so you can enable access to a domain with an authentication event\n\nso, that is relevant also, since this allows you to control the places where it's a valid event, as well as when (by enabling an expiry).\n\nJWT has a more complex system including a \"not before\" field also, and i can see uses for that but not very many, the nostr event itself contains a lot of bits of data that are distinctive enough that it's probably sufficient as it is with NIP-98",
"sig": "a603df568dfad1c5f8923271c16a9255d51953d15a7c38bf73e69756c73c1efa8fa993701014f70350367ce24bfd6fc1f19018fa7f0e1f3a4e871729800898e0"
}