
@ Dikaios1517
2025-05-19 21:12:38
I would rather be asked to approve signing, and have the option to set that particular type of request to automatic in the future, or leave it a manual approval as I see fit.
I would also like approval requests to be very clear about what they are for. I'll pick on the nostr:npub10r8xl2njyepcw2zwv3a6dyufj4e4ajx86hz6v4ehu4gnpupxxp7stjt2p8 a bit for this one. When you are signed in with Amber and you tap to install an app, Amber pops up a signature request that just tells you it's for a "Job request" without any information about what sort of job is being requested. Selecting "Show Details" gives very little help.
https://relay.brightbolt.net/7a2d4d90c9e84c12b976d6ffcc237d8744c1b0a1c865a0fbaa5b202ced9be91f.png
Would the average user know what to make of that, or what the Zapstore is going to be using their signature for?
After doing a bit of digging, I discovered that this request is simply to find out the application publisher's "reputation" with the users I follow. In other words, which of the users I follow also follow the app publisher. That's a request I am fine with signing for, but the average user is going to have NO IDEA what a kind 5312 is for, or where to even start investigating it.
So, yes, I want to see what my key is being used to sign for, and have the option to accept or reject it, but only if the signing request can be put in plain language what I am signing for. Otherwise, I'm just going to default to rejecting the signing request.
I also only want one signing request at a time. Wait to send more until the first has been accepted or rejected. Not sure if this is more on the end of the extension needing to hold the additional requests in a queue, or if the client should only be sending the signer one request at a time, but it needs to be addressed. This is particularly an issue with DM decryption requests...
The amount of things that need to be signed may be able to be reduced as well. Anything that requires an event to be published to relays will always require a signature, and anything that is being retrieved from a relay that requires AUTH, as well, but not much outside of that should need to be signed. Thing is, almost everything needs to be saved to relays in order to enable interoperability with other Nostr clients. Anything that doesn't require a signature is obviously not being stored on relays, and is therefore not going to show up when you switch to a different client.
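
An added example, not part of the post above and not code from Amber, Zapstore or any signer: a sketch of a signer-side queue that shows one request at a time, describes it in plain language, and remembers a per-kind "always approve" choice. `ApprovalQueue`, `describeRequest`, `KIND_LABELS`, the label wording and the stub user and signer are all hypothetical.

```javascript
// Hypothetical label table; the 5312 wording follows the explanation in the post.
const KIND_LABELS = {
  4: "Send an encrypted direct message",
  22242: "Authenticate to a relay (AUTH)",
  5312: "Ask which users you follow also follow this app publisher",
};
// Plain-language prompt text; unknown kinds say so instead of a vague label.
function describeRequest(event) {
  return KIND_LABELS[event.kind] ||
    `Unrecognized request (kind ${event.kind}): the signer cannot explain it`;
}

class ApprovalQueue {
  constructor(promptUser, sign) {
    this.promptUser = promptUser;  // async (text) => "once" | "always" | "reject"
    this.sign = sign;              // async (event) => signed event
    this.autoKinds = new Set();    // kinds the user switched to automatic
    this.tail = Promise.resolve(); // promise chain that serializes requests
  }
  // Each request waits until the previous one was accepted or rejected.
  request(event) {
    const run = this.tail.then(() => this.handle(event));
    this.tail = run.catch(() => {}); // a rejection must not stall the queue
    return run;
  }
  async handle(event) {
    if (!this.autoKinds.has(event.kind)) {
      const choice = await this.promptUser(describeRequest(event));
      if (choice === "reject") throw new Error("rejected by user");
      if (choice === "always") this.autoKinds.add(event.kind);
    }
    return this.sign(event);
  }
}

// Constructed demo: three requests arrive at once; stub user and stub signer.
async function demo() {
  let open = 0, maxOpen = 0, prompts = [];
  const user = async (text) => {
    maxOpen = Math.max(maxOpen, ++open); // how many prompts are on screen
    prompts.push(text);
    await new Promise((r) => setTimeout(r, 5)); // user takes time to decide
    open--;
    return text.startsWith("Unrecognized") ? "reject" : "always";
  };
  const q = new ApprovalQueue(user, async (e) => ({ ...e, sig: "stub" }));
  const events = [{ kind: 4 }, { kind: 30078 }, { kind: 4 }]; // 30078: unlabeled
  const results = await Promise.allSettled(events.map((e) => q.request(e)));
  return { maxOpen, prompts, statuses: results.map((r) => r.status) };
}
```

In the demo the second DM request is signed without a prompt because the first was answered "always", and the unlabeled kind is rejected without blocking what follows.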