Shouldn't an npub have a kill switch?
Say an nsec gets leaked or compromised.
It's owner could send a signed message to relays to disable (basically, ban or filter) all future posts, delete posts after a certain date or time, or even nuke the npub altogether.
It seems to me this should be possible with existing NIPs.
Thoughts on this?
#asknostr #plebchain
I was just thinking about a kill switch for people in dangerous countries, or positions a couple of days ago. Perhaps set a time if posts aren't made it can update meta using a new tag?
The user would want to create a new keypair, replicate all his metadata, and rebuild his follow list. But how to regain his followers? If the nsec is compromised, no message can be trusted. A new account could be spoofed.
🤔
There was talk of this when I first arrived in February, because NVK accidentally deleted his account. Your point above was the main takeaway from the discussions around this topic. I didn’t ever hear a solution.
Maybe a multisig solution?
It’s well above my level of expertise, but once a key is compromised I don’t know if it could ever be recovered. I think the individual would have to start again and rebuild their network. It would take some trust from their previous followers, but it probably wouldn’t take too long.
Or actually just incorporate pgp as the "multi sig." A pgp signed message posted to the original npub proving the new npub.
A pgp-signed "revoke npub⁰ and replace with npub¹."
Maybe pgp should even be the/a new verification standard.
nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn
PGP uses master and sub keys for that. So essentially the master key must be kept safe and it must sign each sub key or key revocation message. So only the sub private key, master public key and the signature must be known to the client to operate. Other clients then check if the signature matches (sub key signed by master) and can be assured that the key is owned by the same entity as the last (sub) key.
Dammit, it's hard to explain that in words 😂
No, I get what you're saying. I recently went through [this](https://www.digitalneanderthal.com/post/gpg/) to learn more about pgp. I do think some kind of "revoke npub0 and replace npub1" solution is in here somewhere, but someone smarter than me would have to take it from here...
