schmijos / Josua Schmid
npub1axy…6ukq
2024-07-16 18:53:48

Why are we all so concerned with securing our one-and-only nsec? Wouldn’t it be healthier for nostr if we could easily burn them and migrate to the next one?

Key migration should be as easily possible as: “Hey, I’m Joe, Fred lost his phone, this is his new number.”
Everyone can ask themselves then: do I trust Joe?

How to set this up technically may be challenging assuming there’s no hard concept of absolute time in nostr which allows for the statement “key burned after”. But intuitively I feel there must be a pragmatic middle path with relative time as in “signed and referenced by”. We could make a DAG putting notes into timely relation to each other and drop out cheaters. A bit like proof-of-stake with social media:
Laeserin (npub1m4n…c2jl) could for example make a statement now “schmijos seems legit and every interaction with him so far seems legit”. Others could judge this and say: ok, there’s this side of the DAG which seems non-meddled-with. A bit like a continuous key-signing party which doesn’t bring good security, but some security. This is a concept of time. And as soon as Laeserin (npub1m4n…c2jl) detects weird interactions, she makes a statement: “nah, doesn’t seem right, he’s been hacked”. It would be no different than me writing to a friend on Facebook: “hey your account makes weird things, I consider it has been hacked”.

I’m aware this idea is neither very cypherpunk nor Bitcoiner-proof, but on nostr we could maybe live with a very lax term of time? We’re still free to assume the worst anytime and can require perfect security when needed. But if I want to call Fred I’m probably grateful that Joe told me where to reach him.
Author Public Key
npub1axy65mspxl2j5sgweky6uk0h4klmp00vj7rtjxquxure2j6vlf5smh6ukq
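
The "signed and referenced by" ordering from the note above, sketched as an added example that is not part of the original post or of any Nostr specification: a statement's id is a hash over the ids it references, so a vouch proves which notes existed before it, and notes a stolen key publishes later cannot be placed under it. The event layout, the `vouch` and `burn` kinds, the function names and the key strings are hypothetical, and signature verification is assumed to have happened before events enter the store.

```python
import hashlib
import json

def make_event(author, kind, content, refs=()):
    """Hash-linked statement: the id commits to the ids it references,
    so every referenced event must have existed before this one."""
    body = {"author": author, "kind": kind, "content": content, "refs": sorted(refs)}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    return {"id": digest, **body}

def ancestors(store, event_id):
    """Ids reachable through refs, i.e. provably older than event_id."""
    seen, stack = set(), [event_id]
    while stack:
        for ref in store[stack.pop()]["refs"]:
            if ref in store and ref not in seen:
                seen.add(ref)
                stack.append(ref)
    return seen

def judge(store, subject, trusted):
    """Label each note by `subject` using only statements from `trusted` keys."""
    mine = [e for e in store.values()
            if e["author"] in trusted and e["content"].get("about") == subject]
    vouched = set()
    for e in mine:
        if e["kind"] == "vouch":
            vouched |= ancestors(store, e["id"])
    burns = [e for e in mine if e["kind"] == "burn"]
    verdict = {}
    for e in store.values():
        if e["author"] == subject and e["kind"] == "note":
            if e["id"] in vouched:
                verdict[e["id"]] = "vouched"
            else:  # not provably older than a vouch
                verdict[e["id"]] = "rejected" if burns else "pending"
    return verdict, {b["content"]["new_key"] for b in burns}

# Constructed sample; the key names are placeholders, not real npubs.
N1 = make_event("fred_old", "note", {"text": "hello"})
N2 = make_event("fred_old", "note", {"text": "gm"}, [N1["id"]])
VOUCH = make_event("laeserin", "vouch", {"about": "fred_old"}, [N2["id"]])
# Published with the stolen key after the vouch; referencing N1 does not backdate it.
N3 = make_event("fred_old", "note", {"text": "send sats"}, [N1["id"]])
BURN = make_event("joe", "burn", {"about": "fred_old", "new_key": "fred_new"}, [VOUCH["id"]])
STORE = {e["id"]: e for e in (N1, N2, VOUCH, N3, BURN)}
```

A reader who trusts both `laeserin` and `joe` gets the two early notes as vouched, the late one as rejected, and `fred_new` as the successor key; a reader who trusts only `laeserin` sees no burn and leaves the late note pending.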