Someday I won't have to use my nsec on a hot device...
Early clients made the nsec a hot key because it was fast, simple, and got people posting in five seconds. Zero friction. Maximum adoption. And now the entire ecosystem is stuck carrying the blast radius of that shortcut.
The model we should have built from day one is simple and proven:
Root nsec (cold, offline)
-> deterministic derivation
-> epoch based operational keys (hot)
-> clients follow the epochs automatically
-> rotation becomes normal, safe, and invisible
It needs a mental model shift:
- Stop treating the root key as the thing you post with.
- Start treating it as the thing you protect with your life.
- Let the root define the family of keys.
- Let the hot keys do the work.
- Let time advance the lineage cleanly.
- Make compromise lose its teeth.
This has been hashed over a number of times, this was written without any actual research into the problem space. Child keys are too much work on the client, among other inanities with this approach.
lol.
It's actually much simpler, remote signing and a policy engine: https://auth.shock.network
This is how so much works in the enterprise, and for a social network to gain real traction big brands need to adopt it and that means delegating revocable scoped permissions to interns and social media management suites, policy engines and remote signing are inevitable.
Focus is on wallet/pub rn of course but an SDK and enhancement to Sanctum is on the roadmap.
I assume they didn't read #1294916
🤣🤣🤣
ooh, yeah that's a lot of justs.