100 sats \ 5 replies \ @justin_shocknet 12 Jul \ parent \ on: Nostr subkeys nostr
Fiatjaf makes a good point in that its effectively not opt-in, its the nostr analogue to a hard fork because all the lift is on the clients
There's no way to handle this gracefully in public key systems where your public key is your identity, you can abstract all you like but you're still building a new identity when its all said and done rolling keys... there are proposals for pre-defining a rollover key, but its pretty stupid imo as a compromised key could still just attest to a fake rollover key
This is a tale as old as time, whether its a yubikey ssh pgp btc or whatever... if you're keys are compromised your fallback is some out of band redundancy and repointing
The point of revocable access tokens is to not let bad actors get your keys in the first place by keeping them in a secure remote signer, not pasting them into countless apps and hacky browser extensions.
If an app is misusing its access you revoke that access and that's the end of it, there's no need to roll a new key... the app only ever had a token to the signer not the key itself.
Pretty much everyone that has used nostr has made a dumb login decision because that's all that's been readily available. My nsec has been pasted into a couple apps and extensions just to play with them, and so I personally plan on starting from scratch with a Sanctum originated key once I consider Nostr usable enough for social to care
It would be a bad look to run an enterprise-class auth service and then have my key exploited later because I had pasted it into some apps before building a secure signer.
We should consider Nostr completely custodial at this stage because of how insecurely keys have been used. (Browser extensions are just as bad as pasting into a web app).
Only once secure remote signers (Sanctum and Bunker work similarly) are standard can it begin to secure valuable identities.
Such an app won't be able to do anything more than make a post that says you're burning the current key, follow me at the new key... there's no way around the fact its going to be a new identity that requires repointing.
Appreciate the thoughtful reply.
and so I personally plan on starting from scratch with a Sanctum originated key once I consider Nostr usable enough for social to care
I've considered this as well, and might do it at some point.
Such an app won't be able to do anything more than make a post that says you're burning the current key, follow me at the new key... there's no way around the fact its going to be a new identity that requires repointing.
You know way more about this stuff and me so I yield to your expertise. The thing I don't understand is how it is done over at Hive. I changed my private keys there after the fork from Steem (the Hive private keys were the same as with Steem and Tron, yikes! talk about scary). Though I changed to new keys, I'd saved the old ones. I just tried those old ones, and as expected they no longer work. I don't know, maybe Nostr a different animal altogether.
reply
Hive is a unique client using Nostr but not necessarily compatible with other Nostr clients, that's where the hard fork analogy comes in re: NIP26, which is how they do it
It's possible they end up doing really well with it and other apps start to use NIP26 to benefit from shared network effect, but as of now there's a lot of reasoning outlined above for other Nostr apps try other things
reply
Wait what? I was referring to the hive.io chain. There's a Hive "unique client using Nostr" with that name?
reply
Conflation on my end, I mean Minds... somehow transposed those names in my head
reply
✅
reply