Nostr Web Client

A non-starter for certain companies, I should say. I've worked with bigger brands for years, and for many in that category it's just not tenable to have the brand (or one of the many portfolio brands) present anywhere online in an official capacity if that presence rests on a single private key that has been "seen" and that is super-glued to important aspects of the past and the future.

This is due to the "You can never un-see an nsec problem", for lack of a better descriptor. If a CTO—or even a CEO—retains knowledge of that nsec post departure from the company then this just doesn't work, to say nothing of staff members further down the IT ladder (departments under departments under departments). And the higher up the ladder the less chance the person could be asked to take part in the nsec security chain (i.e. nobody would dare to ask).

Which means that either nobody at such a brand ever sees the nsec (it's generated and held cold by a trusted third party under contract, and the brand teams are only ever issued bunkers from shards as per the contract terms) or there has to be another solution.

This is not just your Pepsi's or your Toyota's either. My take is that brands don't have to get much bigger or less plugged-in than say Alby for this to be a deal-breaking concern.

hodlbod 10mo ago

That makes sense, but I believe you can generate frost shards independently, which would allow multiple trusted parties to collaborate without ever seeing the full key. Of course, hand-off in such a way that no one has the whole key would also be a problem, but I think we have the basic tools

Reply to this note

Please Login to reply.

Discussion

Garbage nsec 10mo ago

On the technical side I'm sort of with you, on the workplace-psychology side I'm very much not. I think most companies of a pretty common sort would look at such a multi-sig setup and take a hard pass (having absorbed maybe15% of the argument).

And the hand-off as you say is trickly. I don't know how tight that can ever be. Pre-shard generation (first shards) someone sees (or can see) the nsec and that someone, for the rest of their life, cannot un-see it. And the shards will need to be revoked, refreshed and swapped out over time, which requires the nsec to do. And employees come and go. Thus the nsec is always going to be at risk of forever residing in multiple human brains, including potentially not nice brains.

Companies as relays, on the other hand, I do sort of like. Leaves everything to cloud IAM. Sort of analogous to Facebook profiles and Facebook pages.

Niel Liesmons 10mo ago

Yup nostr:nevent1qvzqqqqqqypzqwlsccluhy6xxsr6l9a9uhhxf75g85g8a709tprjcn4e42h053vaqyg8wumn8ghj7mn0wd68ytnhd9hx2qgdwaehxw309ahx7uewd3hkcqpqqqqfdftvgmpx2cy9fpzl9ru6qst94396ye8wjh56lhy6vs7elh0qwk667u

Garbage nsec 10mo ago

If it’s engineered in such a way that the signers truly cannot join forces to recreate the nsec then that means the nsec must be considered lost to the sands of time. That freezes everything in state, and far as I can see that freezing in state creates more problems than it solves. I’m open to something along these lines, but I just can’t see daylight there yet.