🔑 Boost your account security with NIP-9999! 🎉

This proposal brings subordinate keys (nsub) and revocable delegation proofs to Nostr, delivering enhanced security and scalability for key management. 🌐 Check out the article, written by nostr:npub1gkgyk28lurjuhyfjlxsga9mw6lc0c47c8pmcr65usre9d3qjcx6q9cyk5m nostr:naddr1qqnyuj2s95unjwfe94c8yefdv9k8q6rp94nx7u3dvejk2erzv93kkttgd3cnqef4qgsytyzt9rl7pewtjye0ngywjahd0u8u2lvrsaupa2wgpujkcsfvrdqrqsqqqa280j9mqg

Discussion

Not sure how to comment on the article itself so I’ll put my brief thoughts and suggestion (use case) here.

1. I love the idea and it would be very useful and valuable to Nostr.

2. Use case. Re: delegation (ie team members posting content)

It would be great if there is a way during the revocation process to identify which post of the delegatee should be kept vs removed.

Since I haven’t yet seen a delete or edit and rebroadcast function for Nostr, this may not be possible to delete malicious notes.

But I can imagine a scenario where a team member (nsub) has posted 1000 notes, then they go rogue and start posting junk… I’d want to keep the 1000 proofs of work (notes) but revoke or delete the malicious and recent ones.

Similarly it might be nice to tag or otherwise append/identify notes with a “revoked nsub” or some identification so that readers know the 1000 notes were posted by a team member that was removed,

Or, I think it was Facebook that did this for biz profiles, the admins could see what post was actually posted by another admin or moderator… I don’t recall if everyone could see that, or if it was only admins that could, but in this case for Nostr, it would be nice that whenever an nsub posted, it was identifiable with a particular person, perhaps as a tag or something so that viewers know it is from a representative and a real human in the organization instead of just the brand at large.

You may just open the article and click on the comment icon; it will pop up the comment section 🙏

Ok I think I did that…

In the lower left corner of the app (on iOS) I pressed the comment button and added it there as well.

I see there are apparently 2 comments on the article now.

However in YakiHonne, when viewing the article, where / how should I see other comments? When I click the comment bubble it only allows me to write another comment.

I’ll move this to a place that is better suited for discussion. Awaiting some advice as to where.

Long press the comments button, and you’ll see all the comments.

Thanks!

I must not be as smart as I thought LOL

These use cases match the existing intent of the NIP. But I was exploring the attack vectors, and there is too much vulnerability for this. Likely won’t work. And too much governance passed to the relay. I’m going to have to reapproach the solve, which is needed. But this may not be it and I’m stepping away from the NIP. I’m a noob on the protocol so sorry about my learning curve.

This sounds cool but I would prefer we have a way to secure our actual nsec address before doing this.

Right now deep storage of your nsec would be too inconvenient. With this NIP, it would become convenient as only delegate nsubs would be out in the world, treated as we treat nsecs now, and would be revocable.

I know there is an app to store it in, but that’s just trading one attack vector for another.

I wonder if there is a way to make your nsec only visible client side, so there is no way to extract it from the client itself.

Sort of how you can use a cloud storage app that has client side encryption so that the server maintainers don’t have access to your info.

Right now, my biggest worry, especially with most of the clients being open source, is that someone will figure out a way to gain access to a user’s nsec.

My vision on this, especially for high value brand accounts, would be a never-seen nsec on hardware, or a simple highly specialized and secure application, that's just used to sign nsub delegations and revocations.

Here’s the current draft of the idea in GitHub, where deeper discussion likely belongs… Needs both dev and UX feedback to clarify capability of protocol to handle the change, and the importance of the change for user security and adoption.

https://github.com/swbratcher/nips/blob/master/NSUB.md

Nice proposal. Keep up the good work

Game-changer for Nostr security! NIP-9999 redefines key management with innovation and scalability!