I am starting to think MLS/Marmot needs to be a Signer app, not a Nostr client.
Clients just talk to the signer to encrypt/decrypt without ever having view or control of the inner secrets and ratche...
hmm, I don't know tbh.
basically - a standalone app that signs, but also holds all your group chat state? then other apps just call into it to get data to display and request signatures?
feel's like you've just pushed the threat (and requirement for good security) down one level. How the decrypted data is treated is also really important.
basically - a standalone app that signs, but also holds all your group chat state? then other apps just call into it to get data to display and request signatures?
feel's like you've just pushed the threat (and requirement for good security) down one level. How the decrypted data is treated is also really important.
1❤️1👀1🤔1