Having implemented SSO before, I think that my proposal is more practical. How can anyone trust anything that a compromised key posts? What happens if the migration event is lost or not currently available? Why make everyone update their follow lists? It's better to separate identity from authorization, so that that hot new client never knew your identity nsec in the first place, and everyone still recognizes you as you, even if one of your app keys gets away.
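One concrete shape the "separate identity from authorization" idea above can take, as an added illustration rather than code from the original thread or from any Nostr NIP: the long-lived identity key signs, once and offline, a scoped and time-bounded delegation to a per-client app key; clients then post with the app key and attach the delegation, so a verifier attributes the post to the identity without the client ever holding the identity secret, and a leaked app key is cut off by an identity-signed revocation instead of a key migration. The wire encoding, the `Scope` label and the revocation record are assumptions of this example, and it uses Go's standard-library ed25519 in place of Nostr's secp256k1 Schnorr purely to keep it dependency-free.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Delegation is the identity key's one-time authorization of an app key.
// Field layout and encoding are assumptions of this example, not a Nostr spec.
type Delegation struct {
	Identity ed25519.PublicKey // the key everyone follows; its secret never leaves the owner
	AppKey   ed25519.PublicKey // the key the client actually holds
	Scope    string            // constructed label for what the app key may sign, e.g. "post"
	NotAfter int64             // unix time after which the delegation no longer verifies
	Sig      []byte            // identity key's signature over the four fields above
}

func delegationBytes(identity, app ed25519.PublicKey, scope string, notAfter int64) []byte {
	return []byte(fmt.Sprintf("delegation|%x|%x|%s|%d", identity, app, scope, notAfter))
}

func NewDelegation(identityPriv ed25519.PrivateKey, app ed25519.PublicKey, scope string, notAfter int64) Delegation {
	identity := identityPriv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(identityPriv, delegationBytes(identity, app, scope, notAfter))
	return Delegation{identity, app, scope, notAfter, sig}
}

// Post is signed by the app key and carries the delegation that vouches for it.
type Post struct {
	Kind      string
	Content   string
	CreatedAt int64
	Deleg     Delegation
	Sig       []byte // app key's signature over kind, content, created_at and the delegation sig
}

func postBytes(kind, content string, createdAt int64, delegSig []byte) []byte {
	return []byte(fmt.Sprintf("post|%s|%s|%d|%x", kind, content, createdAt, delegSig))
}

func NewPost(appPriv ed25519.PrivateKey, d Delegation, kind, content string, createdAt int64) Post {
	return Post{kind, content, createdAt, d, ed25519.Sign(appPriv, postBytes(kind, content, createdAt, d.Sig))}
}

// Revocation is the identity key's statement that an app key is no longer trusted.
type Revocation struct {
	Identity, AppKey ed25519.PublicKey
	Sig              []byte
}

func revokeBytes(identity, app ed25519.PublicKey) []byte {
	return []byte(fmt.Sprintf("revoke|%x|%x", identity, app))
}

func NewRevocation(identityPriv ed25519.PrivateKey, app ed25519.PublicKey) Revocation {
	identity := identityPriv.Public().(ed25519.PublicKey)
	return Revocation{identity, app, ed25519.Sign(identityPriv, revokeBytes(identity, app))}
}

// Verifier is what a relay or client would run; it only ever sees public keys.
type Verifier struct{ revoked map[string]bool }

func NewVerifier() *Verifier { return &Verifier{revoked: map[string]bool{}} }

func (v *Verifier) AddRevocation(r Revocation) error {
	if !ed25519.Verify(r.Identity, revokeBytes(r.Identity, r.AppKey), r.Sig) {
		return errors.New("revocation not signed by the identity key")
	}
	v.revoked[fmt.Sprintf("%x|%x", r.Identity, r.AppKey)] = true
	return nil
}

// Verify returns the identity the post is attributed to, or an error explaining why it is rejected.
func (v *Verifier) Verify(p Post) (ed25519.PublicKey, error) {
	d := p.Deleg
	if !ed25519.Verify(d.Identity, delegationBytes(d.Identity, d.AppKey, d.Scope, d.NotAfter), d.Sig) {
		return nil, errors.New("delegation not signed by the claimed identity")
	}
	if p.Kind != d.Scope {
		return nil, fmt.Errorf("app key delegated for %q, post is %q", d.Scope, p.Kind)
	}
	if p.CreatedAt > d.NotAfter {
		return nil, errors.New("delegation expired")
	}
	if v.revoked[fmt.Sprintf("%x|%x", d.Identity, d.AppKey)] {
		return nil, errors.New("app key revoked by identity")
	}
	if !ed25519.Verify(d.AppKey, postBytes(p.Kind, p.Content, p.CreatedAt, d.Sig), p.Sig) {
		return nil, errors.New("post not signed by the delegated app key")
	}
	return d.Identity, nil
}

// Scenario walks the three cases the thread argues about: a legitimate app-key post,
// a thief who holds a stolen app key but not the identity key trying to mint a
// delegation for a fresh key, and the original app key after the owner revokes it.
func Scenario() (legit, forged, afterRevoke error) {
	identityPub, identityPriv, _ := ed25519.GenerateKey(rand.Reader)
	appPub, appPriv, _ := ed25519.GenerateKey(rand.Reader)
	v := NewVerifier()
	d := NewDelegation(identityPriv, appPub, "post", 2_000_000_000)
	_, legit = v.Verify(NewPost(appPriv, d, "post", "hello from the hot new client", 1_700_000_000))

	thiefPub, thiefPriv, _ := ed25519.GenerateKey(rand.Reader)
	bogus := Delegation{identityPub, thiefPub, "post", 2_000_000_000,
		ed25519.Sign(thiefPriv, delegationBytes(identityPub, thiefPub, "post", 2_000_000_000))}
	_, forged = v.Verify(NewPost(thiefPriv, bogus, "post", "I am you now", 1_700_000_001))

	_ = v.AddRevocation(NewRevocation(identityPriv, appPub)) // owner cuts off the leaked key
	_, afterRevoke = v.Verify(NewPost(appPriv, d, "post", "still me?", 1_700_000_002))
	return
}

func main() {
	legit, forged, afterRevoke := Scenario()
	fmt.Println("legit:", legit, "| forged:", forged, "| after revoke:", afterRevoke)
}
```

The point the poster makes about followers survives here: every accepted post resolves to the same identity public key, so nobody updates a follow list when an app key is rotated or revoked. The open question the example does not settle is the same one raised for migration events, namely how a verifier learns of a revocation it has not yet received; bounding `NotAfter` tightly limits how long a leaked key is useful in that window.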

Replies (1)

I get it, but any subkey proposal creates enormous burden on clients and relays and ensures nothing cool can ever be built again on Nostr. Also bunkers -- hosted frost multisig, self-hosted, running on your phone, running on trusted hosted hardware, running on a physical device in your home -- are the solution to not having to post your nsec everywhere.