air217 on Nostr: Hmm one way to do key rotation on Nostr could be to follow both the NIP-05 verified ...
Hmm one way to do key rotation on Nostr could be to follow both the NIP-05 verified domain + npub key
For example, if I follow Jack, instead of following only his npub, we follow his (npub, nip-05 domain).
Now let's say the key somehow gets compromised, but the NIP-05 domain that we subscribed to at the time of follow no longer is verifying the compromised npub, then we unfollow Jack.
And when I want to add Jack again, clients can promote Jack's new npub by crawling his domain (which we assume he will not lose control of).
I think breaking chain of trust when an identification anomaly is detected is great for trust. As long the actions made are transparent to the user
For example, if I follow Jack, instead of following only his npub, we follow his (npub, nip-05 domain).
Now let's say the key somehow gets compromised, but the NIP-05 domain that we subscribed to at the time of follow no longer is verifying the compromised npub, then we unfollow Jack.
And when I want to add Jack again, clients can promote Jack's new npub by crawling his domain (which we assume he will not lose control of).
I think breaking chain of trust when an identification anomaly is detected is great for trust. As long the actions made are transparent to the user