Replying to Avatar Sep

that's NIP26 - Delegated event signing, but it's kinda deprecated:

https://github.com/nostr-protocol/nips/blob/master/26.md

Avatar
Luke Dashjr 1y ago

So review our key handling practices, but it's still impossible (or deprecated) to actually have good ones...?

Reply to this note

Please Login to reply.

Discussion

Avatar
Sep 1y ago

thoughts?

cc: nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 , nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft

nostr:note12uj0j60pvzjtaaw2q2rqqc87y7lgwhqtpw06thahf5sqmxmftt8qqhqg4s

Avatar
Sep 1y ago

do you think using delegated event signing (at least the way mentioned in NIP-26) is the best practice of managing our keys?

Avatar
hodlbod 1y ago

Key delegation and revokation (or even better, rotation) are badly needed, but NIP 26 isn't it.

Some recent discussion on the topic: https://github.com/nostr-protocol/nips/pull/1452

I'm sure your perspective on the problem would be very welcome.

Avatar
fiatjaf 1y ago

It's not really necessary, because it is impossible.

Avatar
hodlbod 1y ago

Someday I'll sit down and singlehandedly solve social key rotation

Avatar
Nathan Day 1y ago

Attestations can help I think.

Avatar
EZ 1y ago

#YESTR

Avatar
b0b 1y ago

How does it currently work? Do nostr clients store the private key on their servers after it's submitted by the user?

Avatar
hodlbod 1y ago

Usually it's stored in the app/browser, hopefully never on the server. You can also use extensions like nos2x or alby to protect your key from the app, or you can use NIP 46 signers like nsec.app or Amber to hold your own keys and sign remotely.

Avatar
b0b 1y ago

Thank you for the explanation. I'm looking at the NIP-46 doc and it's really a neat solution.