Nuh 🔻 on Nostr: Not even some things, the only thing we sign (yet) is just a very short lived ...
Not even some things, the only thing we sign (yet) is just a very short lived authentication token, which you send it to your homeserver and get a good old cookie (session) in return, and you use that going forward.
In fact we also have a 3rd party authorization spec(and working code), so you can allow a web app to obtain that session without uploading the keys to that 3rd party app.
We will properly go even further and make your root key only used once in the beginning, then use a delegated key for logging in when you get signed out... but we haven't went that far yet.
For now, you use your key as often as you sign in to Gmail... very rarely
In fact we also have a 3rd party authorization spec(and working code), so you can allow a web app to obtain that session without uploading the keys to that 3rd party app.
We will properly go even further and make your root key only used once in the beginning, then use a delegated key for logging in when you get signed out... but we haven't went that far yet.
For now, you use your key as often as you sign in to Gmail... very rarely