This is a good point.

Besides key rotation maybe we should be signing in with derived keys? nostr:npub1gzuushllat7pet0ccv9yuhygvc8ldeyhrgxuwg744dn5khnpk3gs3ea5ds still working on that?

nostr:nevent1qvzqqqqqqypzqvhpsfmr23gwhv795lgjc8uw0v44z3pe4sg2vlh08k0an3wx3cj9qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qpqyyns9tgz9dyfs4e5pywlw4xsjcrejl32hm89xqp63qejh0n8tkxqchug06


Discussion

using it for two factor might be interesting as well!

Are nprivs/npubs built in the same way as xprivs/xpubs? So they could have child keys?

Should be possible, if they aren’t already

Pretty sure it's possible but needs to be built out

I'm still not sold on the idea of derived keys. It takes so much verification on the client side.

Bitcoin wallets can use it because they are handling money, but this is mostly just social posts

Is it though? We're building a lot of "other stuff" and an npub reputation could become more valuable than money

I agree the complexity is a bit much for users, but maybe branding it as a password manager would be easier. Each app has its own password (unique key) you can manage from an app.

To access the password manager, the master password (master key) is stored somewhere safer, like a hardware wallet or via MPC.

A password manager would make sense. But my concern is from the client side and verifying events and keeping track of identities

It's the same issue with NIP-26, delegation or deriving a key is fine but doing the verification for it takes a lot of work. Not to mention it complicates REQ to relays :(

True, but maybe there’s a way to simplify the workflow for users… nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s has a point here

nostr:note1yyns9tgz9dyfs4e5pywlw4xsjcrejl32hm89xqp63qejh0n8tkxq4u7xgg

I tend to agree, unless it's dead simple and doesn’t complicate queries it seems unlikely to take off (cough delegation), plus the whole key migration issue if we’re expected to not use our hot root keys anymore 🤔

I'm still holding out hope for social key migration. Although I haven't done any work on it or read into it much

Yes, still working on it! I've been focusing on a different project recently, but this one is definitely on my mind. I need to review my proposed NIP-41, simplify it, and put more emphasis on social proof. I have some ideas, but haven't had much time lately. 😅