Why is key management a non-starter? I could see companies running a relay, but I would think a pubkey would be a better way to start.
Discussion
A non-starter for certain companies, I should say. I've worked with bigger brands for years, and for many in that category it's just not tenable to have the brand (or one of the many portfolio brands) present anywhere online in an official capacity if that presence rests on a single private key that has been "seen" and that is super-glued to important aspects of the past and the future.
This is due to the "You can never un-see an nsec problem", for lack of a better descriptor. If a CTO—or even a CEO—retains knowledge of that nsec post departure from the company then this just doesn't work, to say nothing of staff members further down the IT ladder (departments under departments under departments). And the higher up the ladder the less chance the person could be asked to take part in the nsec security chain (i.e. nobody would dare to ask).
Which means that either nobody at such a brand ever sees the nsec (it's generated and held cold by a trusted third party under contract, and the brand teams are only ever issued bunkers from shards as per the contract terms) or there has to be another solution.
This is not just your Pepsi's or your Toyota's either. My take is that brands don't have to get much bigger or less plugged-in than say Alby for this to be a deal-breaking concern.
That makes sense, but I believe you can generate frost shards independently, which would allow multiple trusted parties to collaborate without ever seeing the full key. Of course, hand-off in such a way that no one has the whole key would also be a problem, but I think we have the basic tools
On the technical side I'm sort of with you, on the workplace-psychology side I'm very much not. I think most companies of a pretty common sort would look at such a multi-sig setup and take a hard pass (having absorbed maybe15% of the argument).
And the hand-off as you say is trickly. I don't know how tight that can ever be. Pre-shard generation (first shards) someone sees (or can see) the nsec and that someone, for the rest of their life, cannot un-see it. And the shards will need to be revoked, refreshed and swapped out over time, which requires the nsec to do. And employees come and go. Thus the nsec is always going to be at risk of forever residing in multiple human brains, including potentially not nice brains.
Companies as relays, on the other hand, I do sort of like. Leaves everything to cloud IAM. Sort of analogous to Facebook profiles and Facebook pages.
If it’s engineered in such a way that the signers truly cannot join forces to recreate the nsec then that means the nsec must be considered lost to the sands of time. That freezes everything in state, and far as I can see that freezing in state creates more problems than it solves. I’m open to something along these lines, but I just can’t see daylight there yet.
This is the same basic issue with companies owning crypto, right? I mean some CFO sets up a wallet, has the seed phrase in a notebook in their desk...
I feel like this is one of those things where the corporate world needs to adapt to the new reality that users are adopting, not the other way around...
It's also important to point out that the alternative to "cryptographic proof" of identity is significantly more expensive, slower and more cumbersome "legal proof".
That's true. Though I'd argue that the corporate world has by and large already adapted by outsourcing custody, and that chapter is closed. Just not sure that approach works for Nostr. Very different departments.
Yeah... Arguably corporate "social media strategy" is something that's still being developed, and I think "best practices" haven't exactly been ironed out yet.
Then why not just use that same key (which they already have a delegation solution for) as the Id for their community?