Replying to Avatar PABLOF7z

I'm at the point where I think we should start shaming web apps that allow you to paste a private key

Devs, do you REALLY want the responsibility of getting someone keys and having those keys compromised?

REALLY?!
Avatar
Nicolas ₿ ⚡️ 🇦🇷🧉🤙💜 2y ago

I think the point is that anybody that is just joining the system would not really understand how to manage keys.. and you would restrict to tech savvy people if you only allow external signers as an option

Maybe the focus should be on how to restore control of your identity in an easy way in the event your key gets compromised.

Imagine something very simple... I get a key pair when I sign up and I'm asked to also add a passphrase which generates another signature together with my key and that signature is part of my eventkind 0 profile

if in the event a hacker gets control of the key (without passphrase), I'll always be able to create any random new key pair and sign a new event with my old key + passphrase showing that I'm the real owner of the old key that now wants to move to the new key?

Something very simple that does not need bip39 or any other thing... but that most users would understand?

Reply to this note

Please Login to reply.

Discussion

Avatar
PABLOF7z 2y ago

definitely key rotation/revocation is something we need to work on (I think is the last thing core to the protocol that is still kinda unresolved)

but that's unrelated to this; if an external signer is too hard for a user, key revocation is going to 1000000x harder.

Installing an extension is not hard, if anything, non-technical users tend to end up with a million shitty extensions they don't need; it could literally be a click away in most browsers

the current state of affairs is that even a simple warnings saying "install extension X, if you just paste your nsec here you might get rekt" even just that would be orders of magnitude better

(sorry for the rant, I could not sleep on the plane and I'm super tired 😂)

Avatar
Nicolas ₿ ⚡️ 🇦🇷🧉🤙💜 2y ago

I think we need to keep in mind that normal user by the time we plan for key revocation. We can't make it difficult for average Joe... you may have eventually set ups for highly skilled privacy and security focused folks but we need to have something super simple that is a lot better than the current stage even if it's not perfectly nuclear war resistant

hopefully we find something simple enough that would cover majority of the common mistakes and then if someone wants more and more security tthey can use external signers (as I do) etc.