Replying to Avatar David Caseria

What are your thoughts on a chain of trust structure for nsecs? A user would have a root nsec stored on a hardware device. When a Nostr app wants to authenticate a user, it can request a signed event from the root nsec to attest for the newly generated client-specific nsec. The root nsec stays secure and can revoke the client nsec later, and the client doesn't need to deal with any remote signing.
Avatar
Hazey 1y ago

But how will others know they're from the same user

Reply to this note

Please Login to reply.

Discussion

Avatar
David Caseria 1y ago

One idea is to have a tag reference the root public key. The client verifies the event is authentically published by querying for the attested public keys from the event published by the root key