Can recommend latest [TGFN](https://thank-god-for-nostr.simplecast.com/episodes/frostr-wBOrP0Te) episode on Frostr.

It achieves the following:

- You can chop your nsec into shards (Shamir secrets). These can generate valid signatures with an arbitrary threshold you configured initially.

- You have your nsec (or just the shards of it) in cold storage and can distribute shards to bunkers, even custodians with high uptime in a safe way (e.g. 2 of 3, one at a custodian, one hot in your bunker and one only used when rotating).

- You can rotate the setup to a new set of shards. However, all setups remain valid (possible problem but not if you don't leak your cold storage nsec or threshold of shards). You cannot rotate your nsec though.

This achieves a kind of key rotation without nsec rotation, and still needs bunkers.

A subkey system would simplify the bunker problem but at the huge cost of transmitting, storing and coordinating a bunch of data on nostr for all events for just the subkey-related stuff.

The coordination part is the nastiest: Nostr is distributed so there is no guarantee of consistency. Therefore I wonder how you want to solve the problem of

"Am I really, really sure that I validated this event against the absolute latest state of this user's keys?

Was this event really signed before that old key has been deprecated?"

Nostr is designed so that no relay needs to be an absolute source of truth. The events themselves, signed by the pubkeys, are. Self authentication. But what do we do when this assumption is broken? It all falls apart. You cannot have absolute consistency on nostr.

...and subkeys would not simplify the master key leak either.

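The rotation property described in the note (a new shard set works, but every older set stays valid because the nsec itself never changes) can be seen with plain Shamir sharing. This is an added example, not part of the original note and not Frostr's code: it assumes shares over the secp256k1 scalar field, the names `split`, `recover` and `rotation_demo` are hypothetical, and it reconstructs the key only to make the point visible, which a threshold-signing setup would not do in one place.

```python
import secrets

# Order of the secp256k1 group: the scalar field a nostr private key lives in.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, threshold, count):
    """Return `count` shares (x, y); any `threshold` of them recover `secret`."""
    if not (1 < threshold <= count) or not (0 < secret < N):
        raise ValueError("bad parameters")
    # Random polynomial f of degree threshold-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(N - 1) + 1 for _ in range(threshold - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod N
            y = (y * x + c) % N
        return y
    return [(x, f(x)) for x in range(1, count + 1)]

def recover(shares):
    """Lagrange-interpolate f(0) from shares with distinct x coordinates."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total

def rotation_demo():
    nsec = secrets.randbelow(N - 1) + 1   # constructed sample key, not a real nsec
    old = split(nsec, 2, 3)               # original 2-of-3 setup
    new = split(nsec, 2, 3)               # "rotation": fresh polynomial, same f(0)
    return {
        "new_set_works": recover(new[:2]) == nsec,
        # Old shards are not revoked by rotating: a leaked threshold still wins.
        "old_set_still_works": recover(old[1:]) == nsec,
        # Shards from different sets lie on different polynomials and do not combine.
        "mixed_sets_work": recover([old[0], new[1]]) == nsec,
    }

if __name__ == "__main__":
    print(rotation_demo())
```

Because the old polynomial still passes through the same secret, rotating only helps if fewer than a threshold of old shards were ever exposed.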