xdamman on Nostr: So Device B needs to sign content with the user level private key? So the only ...
So Device B needs to sign content with the user level private key? So the only purpose of its own private key is to securely exchange the user level private key?
I like to think of public keys as throw away session ids. Private keys should never leave the device where it has been generated but can rotate. Think of it like IP addresses that can change over time.
My identity should just reference the current valid session IDs (in the same way that it references the current preferred relays). Any valid session can approve a new session (scan QR code of a new device npub).
A session is actually not linked to a device but to a (device,app) pair. So that even a malicious app doesn’t contaminate and jeopardize your identity.
Each session id (npub) could also have a tag, so that you can choose to follow me but only the content that I post from a given app.
To avoid a malicious app to then automatically approve other npubs, we could have sane default rules. Eg. only your first session (high trust) can approve new sessions. Secondary sessions can only take over the primary role if the relay hasn’t heard from that primary key in more than x months.
I like to think of public keys as throw away session ids. Private keys should never leave the device where it has been generated but can rotate. Think of it like IP addresses that can change over time.
My identity should just reference the current valid session IDs (in the same way that it references the current preferred relays). Any valid session can approve a new session (scan QR code of a new device npub).
A session is actually not linked to a device but to a (device,app) pair. So that even a malicious app doesn’t contaminate and jeopardize your identity.
Each session id (npub) could also have a tag, so that you can choose to follow me but only the content that I post from a given app.
To avoid a malicious app to then automatically approve other npubs, we could have sane default rules. Eg. only your first session (high trust) can approve new sessions. Secondary sessions can only take over the primary role if the relay hasn’t heard from that primary key in more than x months.