Thank you for the detailed response!
For that last paragraph, is that solved by Frost?
I see FROSTR is being developed, seems an initial PoC has been built. Have you looked into this, and if so, what’s your thoughts?
Discussion
Great question! The short answer is no.
However, FROSTR is a very interesting way to have multi-sig for Nostr signing. However, each key shard is still kept hot. These are not child-keys so much as portions of a full key that are split apart so that it takes a quorum of the parts in order to sign.
This is being used in Njump's new onboarding tool announced here:
The way it is implemented, signing requests are sent to the key-shard custodians via NIP-46 and are automatically approved. Pretty cool idea, but not an answer to the key management problem entirely.
Hmmm, a difficult problem to solve indeed. But it does need to be solved! Relying on browser extensions is not the way to go…
Is the best solution, as it currently stands, nsec bunker and coracle usage then?
If you don’t mind me asking, what trade offs did you go for?
I happen to be using Coracle via NIP-46 login right now, actually. I generally use Alby as my signer extension on my desktop, but I am testing out Amber's NIP-46 signing option for a review I am writing.
I also use Amber for all signing on my mobile Nostr clients, using NIP-55 whenever possible.
I don't log into any clients that require my nsec whatsoever.
I think that's about the best we can do at this point. If NIP-46 signing was just a bit more reliable, I would go to just using Amber, and not use a browser extension either.