Delegated signing (nip26) is being worked on I hear, but is there a nip or work being done on full key rotation for situations like this where a key is compromised?
Discussion
Lots of ideas for key rotation were proposed in the past, but no actual cryptographic reviews or implementations. Much less consensus. It's by far the weakest point of nostr and it really needs man/hours to get through.
Really something to work on before the unpredictable mass popularity arrives. #[6] #[7] are you guys working on / interested in bounties for this area? Or is best option to get nip26 working and just remake accounts with new airgapped parent key?
NIP-26 is bad.
in the least sexy but arguably most important cohort of issues esp for mass adoption (which does offset critically for now 😅)
Also, cold keys with NIP 46 is probably better than nip 26. I have lots of questions on how to immediately deauthorize a key after the key and thus the token leaked with NIP26.
Yes, this.