👀🥶

👀

👀👀

👀👀

This is SO cool!

very cool! Does it work even this browser? :)

GitHub

Release v0.5.1mvp-128.7.0esr · Browser-for-SSI/gecko-dev-pkg-distributor

Add secret key import by hex format in about:selfsovereignindividual Fix UserAgent value for websites expecting firefox Change default prefs on bu...

# 👀🇧🇷GN

Confirmed. Super exciting stuff.

This is super cool. Do you have any ideas around where users might store their keys? I think for a good UX, it would be cool to label the keys I.E.: 1. This is your client key, 2. This is your igloo key, 3. This is your recovery key. But honestly, this feels like nsec bunker but where the bunker can't sign for you by itself which I guess is where you are going with this.

Oh, and I'm looking forward to learning about the ROTATABLE aspect of this too.

👀 How does turning an nsec into a rotatable multisig improve the flexibility or security of signing in this setup?

Click Here To Join The Real Elon Musk Private Telegram Account And Inbox Me For more Information 👇👇👇👇👇👇👇👇👇

Telegram

Telegram: Contact @ELONREEVEMUSK1729

Click Here To Join The Real Elon Musk Private Telegram Account And Inbox Me For more Information 👇👇👇👇👇👇👇👇👇

Telegram

Telegram: Contact @ELONREEVEMUSK1729

Click Here To Join The Real Elon Musk Private Telegram Account And Inbox Me For more Information 👇👇👇👇👇👇👇👇👇

Telegram

Telegram: Contact @ELONREEVEMUSK1729

Click Here To Join The Real Elon Musk Private Telegram Account And Inbox Me For more Information 👇👇👇👇👇👇👇👇👇

Telegram

Telegram: Contact @ELONREEVEMUSK1729

Click Here To Join The Real Elon Musk Private Telegram Account And Inbox Me For more Information 👇👇👇👇👇👇👇👇👇

Telegram

Telegram: Contact @ELONREEVEMUSK1729

Click Here To Join The Real Elon Musk Private Telegram Account And Inbox Me For more Information 👇👇👇👇👇👇👇👇👇

Telegram

Telegram: Contact @ELONREEVEMUSK1729

your nsec can be retired to cold storage and only used offline to rotate your signing shares

we have clients planned for desktop, browser, mobile, server and server-less environments all signing nodes communicate over nostr so they can live on any device with an internet connection

frost2x works in chrome environments, still need to make a firefox/gecko compatible version, but the code should be 95% the same.

siiick bro! could frostr eventually work on android and iOS too?👀

LFG

All right. looking forward it :)

👀 👀 View quoted note →

If this doesn't get Parker Lewis to stop being a curmudgeon about Nostr I'm not sure anything will.

Nice little demo of this here that shows it in action. There's even hardware signers out there if you wanna get really nuts about it. nevent1qvzqqqqqqypzpqtjhys9y37al6vm0qejq7pdqvf05vz6rx0m90528ejk8cstfu8zqqs9vnnt0fmr3sqxdsewuz6wfz48vsajdvnaqrg9u8llsn36mmf2x7stx6pww

Il problema delle chiavi private di Nostr La sicurezza delle chiavi private di Nostr è cruciale. Se una chiave privata viene compromessa, un utente perde il controllo della propria identità e dei propri dati. Tuttavia, gestire e proteggere una singola chiave privata può essere rischioso. Frostr: Una soluzione per la sicurezza delle chiavi di Nostr Frostr risolve questo problema introducendo un sistema di firma remota e rotazione delle chiavi "t-di-n" per Nostr, basato sul protocollo FROST (Flexible Round-Optimized Schnorr Threshold signatures). Ecco i punti chiave: t-di-n Multisig: "t-di-n" significa che sono necessarie "t" firme su "n" partecipanti per autorizzare una transazione o un'azione. Ad esempio, in un sistema 2-di-3, sono necessarie le firme di 2 su 3 partecipanti. Questo distribuisce il controllo delle chiavi private tra più partecipanti, riducendo il rischio di un singolo punto di fallimento. Firma Remota: Frostr consente la firma remota, il che significa che i partecipanti non devono avere le chiavi private memorizzate sullo stesso dispositivo. Questo migliora la sicurezza, poiché le chiavi possono essere conservate in luoghi sicuri e separati. Rotazione delle Chiavi: Frostr facilita la rotazione delle chiavi, il che significa che le chiavi private possono essere cambiate periodicamente. Questo riduce ulteriormente il rischio di compromissione delle chiavi, poiché le chiavi compromesse possono essere rapidamente sostituite. FROST: Il protocollo FROST fornisce un modo efficiente e sicuro per implementare la firma di soglia. È ottimizzato per prestazioni e sicurezza. Nsec: Nsec è il formato con cui le chiavi private sono salvate in Nostr. Frostr permette di utilizzare queste chiavi Nsec, e di dividerle e gestirle tramite multisig. In parole semplici: Immagina di avere una cassaforte (la tua identità Nostr). Invece di avere una sola chiave, Frostr ti permette di avere più chiavi (distribuite tra più persone o dispositivi). Per aprire la cassaforte, è necessario un certo numero di queste chiavi. Inoltre, puoi cambiare queste chiavi periodicamente per una maggiore sicurezza. Vantaggi di Frostr: Maggiore sicurezza delle chiavi private di Nostr. Riduzione del rischio di perdita o furto di chiavi. Migliore controllo e gestione delle chiavi. Resilienza contro la compromissione delle chiavi. In sintesi, Frostr offre una soluzione robusta e sicura per la gestione delle chiavi private di Nostr, rendendo il protocollo più sicuro e accessibile per un'ampia gamma di utenti. View quoted note →

Can you compare/contrast this with fiatjaf's promenade project? Can frostr be reconfigured to support third-party shard custody? It would be great to solve key management and rotation without users having to learn how to do it (at least to start). Short of collusion between providers, I would imagine custodial shards would be pretty safe.

The problem is you can’t really revoke shards. I’m looking into using SEs for Nostr key storage.

I haven’t looked into promenade so not sure on that. if I’m understanding your question correctly with Frostr you can configure basic permissions on a given share within signing client (send / receive / both) meaning it has permission to either send a request to another share for sig, only receive requests, or both. This effectively allows you to have a “third-party“ share (receive only) that you could give out to different clients/services for signing @cmd I get this right?

I don't understand the receive/send distinction and why it's important. Is it just that you want certain shards to be passive and unable to initiate requests because they're in an untrusted context? This seems like it could be a nice complement to the usual pattern of nagging the user about every permission request. On promenade, I highly encourage you to check it out: https://git.fiatjaf.com/promenade It's currently used by https://start.njump.me to encourage new users to get started with a multisig bunker, without having to set up any signer software on their end. This seems pretty close to the ideal of abstracting away keys for new users without compromising security too much. If we get key rotation, simplier coordination, and/or encryption using frostr, that's an improvement over promenade. But third-party shard custodians have to be plugged into the nostr social layer via NIP 89 so that we can avoid collusion of dishonest signers.

Hey, would either of you guys like to come on @npub1mlca...8jpa and talk about frostr?

Yeah I’m down, might need to be next week though. @cmd ??

Yeah, no rush. I'll send you a DM with a link

This is greattt !

Promenade with a management layer (preview from daniele below) seems like problem solved almost entirely. I can't picture what else you'd want? And Frostr great for advanced users to take it further. nevent1qvzqqqqqqypzq77777lz9hvwt86xqrsyf2jn588ewk5aclf8mavr80rhmduy5kq9qqsqqqqv6w6jgsef6cfw8k8djv9yw36pdthjf0qa890vvzysgk964zqqsregp

I’ll spend some time with promenade this week! Will try and get a simple comparison between our two approaches

frostr works at a lower level than revocation. whatever revocation scheme you come up with will work on-top of frostr, they do not compete.

yes you can have a keyshare held by a custodian, and have that custodian participate in signing it's the same model as 2/3 with bitkey, casa or unchained, or any other multi-sig-as-a-service solution we are developing a server-less API gateway that people can run themselves, or a professional custodian can run on behalf of their customers that being said, you are better off running your own server, and handing out revocable tokens. remember that 2/3 with custodians is a compromise to help on-board normies away from single-sig setups, and should not be a desirable long-term solution nostr literally fixes the need for inviting custodians into your quorum. just run a gateway node on a laptop under the bed, don't give up *any* of your keys to a custodian. this goes for all multi-sig setups period. I'm running permafrost + frost2x, and soon(tm) heimdall for permissioned API access to my key

You don't want to send requests to off-line or intermittent peers, so the "send" list let's you to select which peers you expect to handle your requests. The "receive" list is less important to manage, but you may want to be restrict your node's participation with high-risk nodes, in case they get compromised.

The problem is you cannot revoke your trust in key servers

Yeah, my concern is normies that don't even know what keys are

it's okay, they will learn how to win. we will teach them!

By making stuff that they can use. Right? Right?

that is a job for @bitcoinplebdev I'm just here to contribute my share of broken and unreadable code

😂

Hey, did you guys get my DM? I'd still love to get something set up.

No I haven’t sorry! Am still down though! @cmd ?