Or, even simpler, it is similar to this:
You want to talk to John Doe on Nostr. The problem is anyone can pretend to be John.
So, someone says "I will check your ID to confirm you are John Doe, and I will give you a badge showing that I checked".
Your client implements a list of trusted checkers, and when you search for John Doe, only the verified npub appears. The others get a big scary warning "This may not be John Doe".
The client only trusts checkers that adhere to a given standard and have a reputation, to prevent bad actors from being able to issue fake badges for anyone.
This is how HTTPS works, but instead of npubs it is servers' public/private keypairs, instead of people it is domain names, and the badges are certificates.
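The checker/badge/trust-list model described above, as an added example in Go that is not part of the original post or of any Nostr client; it assumes Ed25519 keys with hex public keys standing in for real npubs (which are secp256k1 keys), and a constructed scenario with one trusted checker, one rogue checker and three keys all claiming to be "John Doe".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Badge is a checker's signed statement "I verified that Name belongs to Npub"; Checker is its hex pubkey.
type Badge struct {
	Name, Npub, Checker string
	Sig                 []byte
}
func newKey() ed25519.PrivateKey {
	_, k, _ := ed25519.GenerateKey(rand.Reader)
	return k
}
func pubHex(k ed25519.PrivateKey) string {
	return hex.EncodeToString(k.Public().(ed25519.PublicKey))
}
// badgeBytes is the exact message a checker signs; npub is hex, so the NUL separator is unambiguous.
func badgeBytes(name, npub string) []byte { return []byte(name + "\x00" + npub) }
// IssueBadge is what a checker does after verifying the person's ID out of band.
func IssueBadge(checker ed25519.PrivateKey, name, npub string) Badge {
	return Badge{name, npub, pubHex(checker), ed25519.Sign(checker, badgeBytes(name, npub))}
}
// Verified is the client side: npub counts as verified for name only if some badge binds exactly
// this name to it with a valid signature from a checker on the client's trusted list.
func Verified(trusted map[string]ed25519.PublicKey, name, npub string, badges []Badge) bool {
	for _, b := range badges {
		if pk, ok := trusted[b.Checker]; ok && b.Name == name && b.Npub == npub &&
			ed25519.Verify(pk, badgeBytes(name, npub), b.Sig) {
			return true
		}
	}
	return false
}

// Scenario (constructed): one trusted and one rogue checker, three npubs all claiming to be "John Doe".
func Scenario() (realJohn, noBadge, rogueBadge bool) {
	good, rogue := newKey(), newKey()
	john, imp1, imp2 := pubHex(newKey()), pubHex(newKey()), pubHex(newKey())
	trusted := map[string]ed25519.PublicKey{pubHex(good): good.Public().(ed25519.PublicKey)}
	badges := []Badge{IssueBadge(good, "John Doe", john), IssueBadge(rogue, "John Doe", imp2)}
	ok := func(npub string) bool { return Verified(trusted, "John Doe", npub, badges) }
	return ok(john), ok(imp1), ok(imp2) // true, false, false
}
func main() { fmt.Println(Scenario()) }
```

Only the key holding a badge from a checker on the client's own list resolves as verified; the impostor with no badge and the impostor holding a badge from the rogue checker both end up in the "this may not be John Doe" bucket.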
