Replying to Avatar PABLOF7z

If you had a way to preserve your nostr identity so that you could recover from someone compromising your nsec and it required writing a note in your nostr client, would you do it?

Repost for visibility, want to see what people think.
Avatar
Derek Ross 2y ago

absolutely. im curious how this would be handled though?

Reply to this note

Please Login to reply.

Discussion

Avatar
PABLOF7z 2y ago

the TL;DR is:

* you publish a whitelisting event for your next npub, the event is timestamped (NIP-03)

* when your account is compromised you publish a migration event from your new key

whatever valid migration event points to the oldest (unforgeable due to timestamping) whitelisting event wins

72
nobody 2y ago

I like the sound of this.

Avatar
Derek Ross 2y ago

What if the attacker publishes the migration event first?

Avatar
PABLOF7z 2y ago

you get a 60-day time window to publish a new migration event pointing to an older one

full spec: https://github.com/nostr-protocol/nips/pull/829

Avatar
Derek Ross 2y ago

Thanks. I'll give it a read.

Avatar
corndalorian 2y ago

For the sake of being overly paranoid, the new key now holds a lot of power and must be tightly guarded and kept track of even though not in use, as it could at any time be used by anyone who has it to invalidate the old account. New fear unlocked 😅 But I like that it could at least be an option.

Avatar
PABLOF7z 2y ago

yeah, but being careful with that key would be so much easier because you are not using it actively so there's no reason to go crazy entering the nsec in a million places

Avatar
corndalorian 2y ago

True.