Nostr Web Client

I don't follow. My proposed NIP-102 uses one key to attest other keys, so it could be cold and offline. If one gets lost, you disavow it the same as NIP-22, and issue a new one. Your friends don't need to validate the rotation though.

Vitor Pamplona 11mo ago

That's not how nostr works. The key's friends will still be following the old key regardless of your "disavowing". Their clients must each implement your thing and help that user migrate to the new one. Until then, they are following the old one not knowing anything about the change.

Which means that your user will inevitably have to declare the key as stolen in a regular kind1 and ask people to manually migrate to the new key, which duplicates the work and thus defeats the purpose of any automated system or key migration.

Reply to this note

Please Login to reply.

Discussion

ynniv 11mo ago

Not really? Think of session management: there are many tokens sessions for one user. You use your credentials once to get a new credential with the same authority as the password, but if it stolen it can be revoked without compromising your password. All operations behave as if the session token is the same as the root identity, and the only work that happens when a session is disavowed is that messages signed by the session should be deleted.