To be fair, it's not unreasonable to have this primal desire for subkeys and key rotation. The problem is that:
1) it's not possible to do without centralization (or a blockchain) -- Bluesky tried, and the best solution they came up with was a big server that hosts a history of keys for everybody and can censor anyone;
2) doing it by means of Nostr events that declare subkeys or delegation or whatnot creates insurmountable complexity that turns Nostr into an unusable pile of bloatware and takes away its most basic feature: the chance of working;
3) it's not the only way to protect your key from rogue computers and apps -- NIP-46 and other methods exist and are much nicer to use, with still many unexplored possibilities;
4) it's not clear that more than 16 people in the entire world want this at all -- when was the last time a normal person thought about rotating their PGP keys?
Replies (3)
The only people you have to declare your newly rotated key to is: Your followers ∩ The ones you want to keep.
User applications would have the option of caching keys used for historic notes. The local cache might get a bit chunky if users rotate a key for each note, but keys could be locally jettisoned using a stack-height setting for each chain of keys [user].
One of the reasons I don't like Nostr is that there is no reliable way to expunge notes from relays. Without the ability to do this, there doesn't seem to be a way to meet conditions for acceptable levels of privacy.
One method that occurred to me as an alternative (or even a bolt-on) to ordered HD key rotation would be for each new user to generate a (say 128Kb) pad of key pairs instead of a single key pair. Each key pair would be random-entropic.
A user's first note is signed/encrypted using the first key on the pad, but with the note including metadata denoting the next key (from the pad) to be used... or a clue to the next key. The key could be switched every note, every 21 notes etc.
Only those who have been sent the full pad of public keys are then able to stitch together the full note history. It doesn't feel too computationally expensive to me.
Obviously lots of flaws with this, but perhaps a basis for something...?!?
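The pad-of-keys sketch in the reply above, worked through as an added example (not code from the thread or from any Nostr project). It assumes a hypothetical `Note` shape rather than a real Nostr event, uses ed25519 from the Go standard library as a stand-in for Nostr's secp256k1 Schnorr signatures, and makes one design choice the reply leaves open: the "clue" to the next key is an HMAC over the next public key under a link secret that is handed out together with the pad, so that checking the chain really does require having been sent the pad, as the reply intends. The author rotates every `every` notes; a holder of the shared pad verifies each signature and follows the clues to rebuild the ordered history, rejecting tampering and reordering.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Note is a hypothetical signed message for this illustration; it is not a Nostr event.
type Note struct {
	Content string
	Pubkey  string // hex of the pad key that signed this note
	Clue    []byte // HMAC(linkSecret, next pad pubkey): only pad holders can check it
	Sig     []byte
}

// Pad is the author's batch of pre-generated key pairs plus the link secret.
type Pad struct {
	priv       []ed25519.PrivateKey
	pub        []ed25519.PublicKey
	linkSecret []byte
}

// SharedPad is what the author hands to the followers allowed to stitch the history.
type SharedPad struct {
	Pub        []ed25519.PublicKey
	LinkSecret []byte
}

// NewPad generates n independent random key pairs (no HD derivation) and a 32-byte link secret.
func NewPad(n int) (*Pad, error) {
	p := &Pad{linkSecret: make([]byte, 32)}
	if _, err := rand.Read(p.linkSecret); err != nil {
		return nil, err
	}
	for i := 0; i < n; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		p.pub, p.priv = append(p.pub, pub), append(p.priv, priv)
	}
	return p, nil
}

func (p *Pad) Share() SharedPad { return SharedPad{Pub: p.pub, LinkSecret: p.linkSecret} }

// clueFor commits to the next key without revealing it to anyone lacking the link secret.
func clueFor(secret []byte, next ed25519.PublicKey) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(next)
	return m.Sum(nil)
}

// signInput binds content, signer key and clue, so a relay cannot swap the clue.
func signInput(content string, pub ed25519.PublicKey, clue []byte) []byte {
	h := sha256.New()
	h.Write([]byte(content))
	h.Write(pub)
	h.Write(clue)
	return h.Sum(nil)
}

// Author walks the pad in order, switching to the next key every `every` notes.
type Author struct {
	pad   *Pad
	every int
	count int // notes signed so far
}

func (a *Author) Sign(content string) (Note, error) {
	cur, next := a.count/a.every, (a.count+1)/a.every
	if next >= len(a.pad.priv) {
		return Note{}, errors.New("pad exhausted: a fresh pad must be generated and shared")
	}
	clue := clueFor(a.pad.linkSecret, a.pad.pub[next])
	sig := ed25519.Sign(a.pad.priv[cur], signInput(content, a.pad.pub[cur], clue))
	a.count++
	return Note{Content: content, Pubkey: hex.EncodeToString(a.pad.pub[cur]), Clue: clue, Sig: sig}, nil
}

// Stitch verifies a note sequence against the shared pad and returns the contents in order.
// The first note must use pad key 0; each clue must name the current key or the one after it.
func Stitch(sp SharedPad, notes []Note) ([]string, error) {
	var out []string
	idx := 0
	for i, n := range notes {
		pub, err := hex.DecodeString(n.Pubkey)
		if err != nil || !bytes.Equal(pub, sp.Pub[idx]) {
			return nil, fmt.Errorf("note %d: signed with a key the pad does not expect here", i)
		}
		if !ed25519.Verify(sp.Pub[idx], signInput(n.Content, sp.Pub[idx], n.Clue), n.Sig) {
			return nil, fmt.Errorf("note %d: bad signature", i)
		}
		switch {
		case hmac.Equal(n.Clue, clueFor(sp.LinkSecret, sp.Pub[idx])): // no switch yet
		case idx+1 < len(sp.Pub) && hmac.Equal(n.Clue, clueFor(sp.LinkSecret, sp.Pub[idx+1])):
			idx++ // author moves to the next pad key
		default:
			return nil, fmt.Errorf("note %d: clue does not match the pad", i)
		}
		out = append(out, n.Content)
	}
	return out, nil
}

func main() {
	pad, _ := NewPad(8)
	a := &Author{pad: pad, every: 2}
	var notes []Note
	for _, c := range []string{"hello", "rotating", "keys", "now"} {
		n, _ := a.Sign(c)
		notes = append(notes, n)
	}
	fmt.Println(Stitch(pad.Share(), notes))
}
```

Two things the code makes visible that the sketch glosses over: a plain "next key is X" field would let any relay link the whole chain, which is why the clue is keyed; and with `every` greater than 1 consecutive notes still share a public key, so the unlinkability only holds across rotations, not within a key's run. The exhaustion error is the other operational edge: a finite pad has to be reissued to every trusted follower before it runs out.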
I view it as akin to Bitcoin.
With Bitcoin I hold my keys, it makes me immune to being debanked, but I wear the custody risk.
With Nostr I hold my keys, it makes me immune to being deplatformed, but I wear the custody risk.
Arguments like "What if my keys get compromised? There is no way to fix that. Therefore this protocol sucks" are as banal with Nostr as they are with Bitcoin.
Yes we should try to improve. Also "I've just discovered Bitcoin and I'm here to fix it" was a meme for a reason.