NIP-46 is the best option for delegation, in my opinion, because you can have a lot of control over exactly what event kinds the NIP-46 provider may automatically sign, automatically reject, or ask every time for, whereas an actual private key that has been authorized to sign on behalf of a master key would need a note somewhere on the relays indicating not only that the delegated key can sign on behalf of the master key, but what sorts of event kinds it is permitted to sign for.
That's not to mention the immense amount of complexity key delegation would add to Nostr.
I provided some links to dev discussion of the issue and why it still hasn't become a thing on Nostr here:
I'll let someone smarter than me get into the weeds on this.
As I understand it, there was a lot of thought and even a spec created for key rotation, but it ends up creating more problems than it solves. See NIP-26 and the discussion around it:
NIP-26
https://github.com/nostr-protocol/nips/blob/master/26.md
Some issues discussing key rotation:
https://github.com/nostr-protocol/nips/issues/103
https://github.com/nostr-protocol/nips/issues/116#signed-out-banner-sign-up
https://github.com/nostr-protocol/nips/issues/123#signed-out-banner-sign-up
https://github.com/nostr-protocol/nips/issues/247
https://github.com/nostr-protocol/nips/issues/654
https://github.com/nostr-protocol/nips/issues/726
https://github.com/nostr-protocol/nips/pull/1051
https://github.com/nostr-protocol/nips/issues/1810
https://github.com/nostr-protocol/nips/pull/1837
https://github.com/nostr-protocol/nips/issues/1959
It's a lot to read, but it shows that our intrepid devs have not just ignored the issue. It is one that has been discussed multiple times at length without a good solution so far.
Bottom line: Don't stick your nsec into clients directly. Use a signer app to limit the potential for your private key to be compromised.