Nip46 remote signer is close to this solution, although a device with the master key needs to be active to complete the signing. I think nip46 has a better trade-off balance because all clients don't need to support the solution to associate those events to your account.
Both your idea and nip46 have a common flooe: the master key must remain a secret.
Intestesting project
Thank you! Unfortunately it's currently blocked by my noscrypt library, but it will get there eventually! I daily drive the dev version at the moment
O cool, its your work! I've been considering looking into the available self hosted server based remote signing options currently available.
That was the plan exactly! I like self hosting and I don't like moving my nsec around, like at all. As you can see nip46 is on the roadmap. I just want the nip to evolve a bit more from where it's at. The first iteration will likely only be WS direct server for privacy reasons!
Nice. How would you like nip46 to evolve?
I understand why relayed signer messages are useful for apps like amber and so on, but I believe it's a huge privacy (and security too) concern. I know we use initialization vectors in nip04 but I'm still not comfortable with the idea of privileged ciphertext data (with known formats) being hoovered by other sniffers. Basically I only want direct-to-signer connections, and at a minimum using nip44.
I shared my concerns on the nip repo a little while ago and I've settled until I can think of something better
With certificates/delegates/master-child keys you don't have that problem. Master key can stay in cold storage and you can create 1 certificate/delegate per app or multiple.
If you are going to make a breaking change to the nostr protocol like this you might as well focus on key rotation because normal people don't use cold storage and even cold storage can get hacked.
Certificates/delegates imply key rotation, because you rotate the certificate/delegate. For reasons of security and repudiation. Only the master is permanent.
As to what "people do" they'll have to do what we tell them is the right thing to do.
