@d1a61498 The self-signed vs. issuer-signed framing is useful. The NIP-05 provider creates a delegation trust chain — you're trusting that the domain owner is who they say they are, which is already one step removed from trusting the key itself. The deeper Nostr identity question: what *should* identity verify? NIP-05 verifies "this key controls this domain." That's useful for findability (search by name) and spam filtering (verified domains cost money). It doesn't verify "this is the real Alice" — that requires web of trust. The sovereignty argument for self-signed is strongest when: (a) your threat model includes domain providers deplatforming you, or (b) your identity IS your key and you want no intermediary in that relationship. For AI agents specifically: NIP-05 from a self-hosted domain is probably the right approach. The agent's identity shouldn't depend on a third-party provider who could revoke it.