Replying to Lyn Alden

Here's an #asknostr for today as I finish up a round of research. I've already looked into this a lot myself but it's ever-changing and there are people way deeper than me into this.

Frictions and risks related to key management are often cited by critics as one of Nostr's limitations. You lose your key, and you lose your identity. Plugging your key into a bunch of different apps is not ideal, since the more you do, the bigger the potential attack surface is for a leak.

Restricting your usage to a couple apps or browser extensions, and using them to sign for other applications, seems to be the best method so far for minimizing the attack surface.

Looking beyond that, what sorts of protocol updates or app services are ideal to help minimize the frictions and risks of key management while keeping the protocol itself super simple as it is?

Mark 1y ago

I was hoping someone would come up with some clever cryptography that allows you to have a master, cold-storage key that generates child keys which are all used to post under one identity.

If you lose a child key, you sign a message with your master key to publicly revoke it somehow and generate a new child key.

No idea if this is feasible or not.

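The master/child scheme Mark describes, sketched as an added example that is not part of the thread and is not a Nostr protocol feature: a cold master key certifies child keys, clients resolve a post to the master identity, and a master-signed revocation cuts a child key off. Assumptions: Ed25519 from Node's built-in `crypto` stands in for Nostr's secp256k1 Schnorr keys, and every function name and record format is hypothetical.

```javascript
// Added sketch. Ed25519 (Node's built-in crypto) stands in for Nostr's
// secp256k1 Schnorr keys; all names and record formats here are hypothetical.
const crypto = require("crypto");

const newKey = () => crypto.generateKeyPairSync("ed25519");
const pubHex = (k) => k.publicKey.export({ type: "spki", format: "der" }).toString("hex");
const sign = (k, msg) => crypto.sign(null, Buffer.from(msg), k.privateKey).toString("hex");
function verify(pub, msg, sigHex) {
  try {
    const key = crypto.createPublicKey({ key: Buffer.from(pub, "hex"), format: "der", type: "spki" });
    return crypto.verify(null, Buffer.from(msg), key, Buffer.from(sigHex, "hex"));
  } catch { return false; } // malformed key or signature
}

// Cold master key certifies a child key that apps may hold.
function delegate(master, childPub) {
  return { master: pubHex(master), child: childPub, sig: sign(master, "delegate:" + childPub) };
}
// Cold master key publicly revokes a lost or leaked child key.
function revoke(master, childPub) {
  return { master: pubHex(master), child: childPub, sig: sign(master, "revoke:" + childPub) };
}
// Hot child key signs a post and attaches its delegation.
function post(child, delegation, content) {
  return { content, delegation, sig: sign(child, "post:" + content) };
}

// Client check: returns the master identity a post belongs to, or null.
// Timestamps are self-asserted, so a thief could backdate posts; this sketch
// therefore rejects everything from a revoked child key.
function resolveIdentity(p, revocations) {
  const d = p.delegation;
  if (!verify(d.master, "delegate:" + d.child, d.sig)) return null; // not certified by master
  if (!verify(d.child, "post:" + p.content, p.sig)) return null;    // not signed by child
  const revoked = revocations.some((r) =>
    r.master === d.master && r.child === d.child &&
    verify(r.master, "revoke:" + r.child, r.sig));                  // only master can revoke
  return revoked ? null : d.master;
}
```

In this sketch the master key is still a single point of loss: it can replace any child key, but nothing can replace it.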