Re: [nostr-protocol/nips] update nip-57 zap receipt spec to include 'a' tag (PR #800)
13 views
Skip to first unread message
William Casarin
Sep 29, 2023, 2:29:55 PM9/29/23
to nostr-protocol/nips, d...@damus.io, nostr-p...@googlegroups.com
On Fri, Sep 29, 2023 at 09:03:07AM -0700, Vitor Pamplona wrote:
>Sorry, I thought this was a simple documentation of widespread
>behavior. If it is not, I am happy to revert.
probably best to revert, the spec currently requires there to be either
e+p to be set or just p, this defines the note and pubkey zap targets
for a zap request.
zappers should be validating these, adding an `a` tag would break
validation and would require a bit more care, ideally in v2.
I still feel like this is wrong. I think liking and zapping a-tags in an
antipattern and can lead to many issues:
1. It makes it look like someone likes a post that they didn't like
2. It makes it look like someone zapped a post that
Imagine a scenario of a malicious user creating a post about how much
they like puppies, since alice likes puppies she zaps 10000 sats. Now to
troll, they use a replaceable event to update the article to say that
hitler was right and that jews need to be exterminated. Sorry for the
rough example, but this can really happen and is an example of how bad
the issue could be. If we have a-tag like and zap targets, people would
be shocked to see that you support such content.
This is why I was explicit about not supporting a-tags in zap requests.
Maybe it would make sense to add it in addition, but I don't think it
should be in-place of the e-tag so that clients can show that the zap is
invalidated/targetting an older post.
>Sorry, I thought this was a simple documentation of widespread
>behavior. If it is not, I am happy to revert.
probably best to revert, the spec currently requires there to be either
e+p to be set or just p, this defines the note and pubkey zap targets
for a zap request.
zappers should be validating these, adding an `a` tag would break
validation and would require a bit more care, ideally in v2.
I still feel like this is wrong. I think liking and zapping a-tags in an
antipattern and can lead to many issues:
1. It makes it look like someone likes a post that they didn't like
2. It makes it look like someone zapped a post that
Imagine a scenario of a malicious user creating a post about how much
they like puppies, since alice likes puppies she zaps 10000 sats. Now to
troll, they use a replaceable event to update the article to say that
hitler was right and that jews need to be exterminated. Sorry for the
rough example, but this can really happen and is an example of how bad
the issue could be. If we have a-tag like and zap targets, people would
be shocked to see that you support such content.
This is why I was explicit about not supporting a-tags in zap requests.
Maybe it would make sense to add it in addition, but I don't think it
should be in-place of the e-tag so that clients can show that the zap is
invalidated/targetting an older post.
Reply all
Reply to author
Forward
0 new messages