Braydon Fuller
npub1r0u…zzyc
2024-09-30 16:48:41

It is possible, there just isn't a "global" agreed upon consensus — and that is fine. It is not as complicated as it has been made to sound.

PGP has key signing and revocation, that's pretty much all that is needed.

The use case is valid. If someone's PGP key is compromised, I've seen it happen, they need to revoke the key, create a new one and then have coworkers, friends, etc. sign the new one, done.

To be fair, it's not unreasonable to have this primal desire for subkeys and key rotation. The problem is that:

1) it's not possible to do without centralization (or a blockchain) -- Bluesky tried, and the best solution they came up with was a big server that hosts a history of keys for everybody and can censor anyone;
2) doing it by means of Nostr events that declare subkeys or delegation or whatnot creates insurmountable complexity that turns Nostr into an unusable pile of bloatware and takes away its most basic feature: the chance of working;
3) it's not the only way to protect your key from rogue computers and apps -- NIP-46 and other methods exist and are much nicer to use, with still many unexplored possibilities;
4) it's not clear that more than 16 people in the entire world want this at all -- when was the last time a normal person thought about rotating their PGP keys?
Author Public Key
npub1r0ulywwu593kzjdu9uluxdq80t54n65kql9vl9z7lrutkgnachssk7zzyc