Lucas Kell on Nostr: I wrote a note about this type of issue yesterday. My feeling is that the key we use ...
I wrote a note about this type of issue yesterday. My feeling is that the key we use day to day should be a secondary key that can be changed by signing an event with a primary key (preferably a hardware one). Rationale being that the key used to log in day to day is frequently exposed to apps using it so is at a higher risk and should be quick and easy to drop.
For bigger social media users the 30 days could be pretty problematic as from my understanding the compromised key would still be what most clients see as the real identity.
Published at
2023-10-24 20:32:06
Event JSON
{
  "id": "0a5485491547801143d81498cbbdff9e23f8c49f63d25d93dfb14949cd9b5292",
  "pubkey": "98f2e6e3d5535803b968e241163a9eb3027ef13465a46d036719d46878c70878",
  "created_at": 1698179526,
  "kind": 1,
  "tags": [
    [
      "e",
      "06f9db5bc9d0871b9ccf9a3c3260e37292a649a355bbeaf48cbd7e61d6e3b465",
      "",
      "reply"
    ],
    [
      "p",
      "fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"
    ]
  ],
  "content": "I wrote a note about this type of issue yesterday. My feeling is that the key we use day to day should be a secondary key that can be changed by signing an event with a primary key (preferably a hardware one). Rationale being that the key used to log in day to day is frequently e posed to apps using it so is at a higher risk and should be quick and easy to drop. \n\nFor bigger social media users the 30 days could be pretty problematic as from my understanding the compromised key would still be what most clients see as the real identity. ",
  "sig": "6f6bd4a76a8d1bb212688332b4fcbb6ca0ea83dfe6296fe26e1b2ee40cbd6645967f3aaf9df9111a81203b94799f05a028c6962965db99f9f86f214a09901b3e"
}