Nostr Web Client

I agree that delegation to other generic entities is not crucial, but a way to rotate/invalidate keys seems essential, isn't?

What I worry is that when onboarding will increase, malware and scammers will follow: and a compromised key entails the loss of considerable value, and can also bring damage if the attacker uses it for malicious purposes. Such a situation would immediately drive the user away and create bad publicity for Nostr.

The only mitigating alternative I see, without touching the protocol, is for NIP-46 to impose itself and become the recognised standard, and *all* clients to use it by eliminating login via nsec.

7c7985d3... 1y ago 💬 2

Rotating and invalidating keys is essential. Mistakes will be made.

Reply to this note

Please Login to reply.

Discussion

fiatjaf 1y ago 💬 2

The first mistake is thinking this is essential.

Zio Mc 1y ago

Yesterday i tried primal on android, i copied my nsec from amber, 10 minutes later i pasted the clipboard contents in the search box of you tube.... 😭...... Mistakes happens.

It's essential

daniele 1y ago

This can be solved, or at least mitigated, using the ncryptsec. More client should support it.

7c7985d3... 1y ago

I'd argue that the first mistake was when you created the protocol without this already solved .