zach on Nostr: You totally could replicate the nsecbunker "google-like" auth flow on the clients ...
You totally could replicate the nsecbunker "google-like" auth flow on the clients where rather than whitelisting a delegate key, this additional bunker just sends over the encrypted client secret. The important thing is that you aren't trusting a single entity with >= the threshold shares necessary to craft a valid signature. As long as that remains true, you can still safely rotate keys and know that any single malicious entity could not rug you.
Published at
2024-07-19 11:49:04
Event JSON
{
"id": "d1b650aeec6d5c37faa66fda686e9ca5ebf945f1684f140f9aa25204268e6afd",
"pubkey": "17717ad4d20e2a425cda0a2195624a0a4a73c4f6975f16b1593fc87fa46f2d58",
"created_at": 1721389744,
"kind": 1,
"tags": [
[
"p",
"a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be",
"wss://relay.damus.io/",
"nielliesmons"
],
[
"e",
"1c49a55ced6a78716a78baeaebc4a18c1cfc6ce1e93d1c6279a94f1b3eaf3fc7",
"wss://relay.damus.io/",
"root"
],
[
"e",
"432477b40a983d465a4602930f3a80f1e9a2c02555f53dbdfc54128a173f0de8",
"wss://nos.lol/",
"mention"
],
[
"e",
"68fb76b301d8075f47629d8071127591c98b024dfb1a91010329ee428e16d1bb",
"wss://relay.damus.io/",
"reply",
"a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be"
]
],
"content": "You totally could replicate the nsecbunker \"google-like\" auth flow on the clients where rather than whitelisting a delegate key, this additional bunker just sends over the encrypted client secret. The important thing is that you aren't trusting a single entity with \u003e= the threshold shares necessary to craft a valid signature. As long as that remains true, you can still safety rotate keys and know that any single malicious entity could not rug you.",
"sig": "b31ffb4e105c9ff9fccb4388e42e3e40d21791566c93cca4495fb8fe0731aba85af0315551aac400be2c23aa95b6623e73cddc7a7c0221ffb7f22c75b366c1cd"
}