fiatjaf's avatar
fiatjaf _@fiatjaf.com 5 months ago
I get it, but any subkey proposal creates enormous burden on clients and relays and ensures nothing cool can ever be built again on Nostr. Also bunkers -- hosted frost multisig, self-hosted, running on your phone, running on trusted hosted hardware, running on a physical device in your home -- are the solution to not having to post your nsec everywhere.
↑ Parent

Replies (1)

ynniv's avatar
ynniv ynniv@ynniv.com 5 months ago
I don't understand the complexity criticism. Clients make a random key when they're installed, then request a signed attestation from the identity key. When they sign things they also include this attestation. When a relay sees such an event, it validates the attestation (this can be done with no additional information) and then substitutes the identiy npub for the publishing npub in all indexes. When clients see a new event, they do the same validation and substitution. The identity npub is all that matters. Finally, if the identity ever publishes an event disavowing a specific attestation, relays and clients should treat this as a deletion request for all events created using that attestation. And that's basically it ... treat (locally verifiable) attestations as if they were the author, and delete events that were made by a disavowed client key. Separating identity from authorization is an important part of improving the security of systems, and doesn't need to be onerous
1 replies ↓