You’re right that implicit rotation can work in a perfect discipline model and does minimize client work.

The reason I still require explicit root authorization is survivability under failure. I want a cryptographic way to distinguish intent from accident or compromise, and a way to revoke or supersede a key after the fact.

Implicit “highest index wins” infers authority. Cold Root Identity makes authority explicit. That’s the tradeoff I’m choosing.

Discussion

Sounds good. I think it's a fair tradeoff.