Replying to Avatar fiatjaf

Here's an idea for saving people who compromised their keys:

- first you nominate 5 friends

- then you paste your keys on Anigma and they get stolen by #[0]

- now you make a new key and ask your 5 friends to visit savemyfriendsnostrkey.com and click a button attesting that that is your new key, they will publish these as special events

- finally you use your compromised key to gather the 5 attestations from your friends and publish a new special event

- now all your followers that see this special event will automatically stop following the compromised key and start following the new key

- people using clients that do not support the special event can open refreshmyfollowlistwithupdatedkeys.com and their contact lists will be automatically updated
Avatar
fiatjaf 2y ago

I feel like this process and many variations of it (for example, the NIP-41 and NIP-109 proposals) can all be described in the same NIP and be supported in various degrees, with different security models for different people.

The NIP-41 idea can only be done by people that are very serious about their key security, while NIP-109

Reply to this note

Please Login to reply.

Discussion

Avatar
fiatjaf 2y ago

... can be just a fallback for when nothing else works (just delete my key).

The key insight here is that people become used to the practice of from time to time, scanning the network for some special events that signal that some keys may have changed, and then they stop following the old one and start following the next. This can be done inside their main social app or on a standalone app or website.

Avatar
fiatjaf 2y ago

But all these possibilities are not to be seen as "key rotation". They are, as the text for the NIP-41 proposal says, best-effort attempts to minimize damage from losing keys.

Avatar
fiatjaf 2y ago

More thoughts on this from past month:

- https://fiatjaf.com/4c79fd7b.html

- https://fiatjaf.com/72f5d1e4.html