Nostr Web Client

We should finally fix key rotation in Nostr.

I think this approach makes a lot of sense.

Let me know! nostr:naddr1qqgrydtrvyekywfev56nvdfjxsux2q3qklkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qxpqqqp65w2k68hy

Basanta Goswami 1mo ago 💬 1

Let's say you want to rotate keys, because you suspect it's been compromized. I'm a user who follows you so I would like to know the new key

Who's social graph does my client use to know the new key? If it's yours, then that graph could have been altered after the key got compromized, so it's not reliable. If I have to rely on my WoT, then somehow the people that I follow/trust would have to overlap with the people that you follow/trust

Reply to this note

Please Login to reply.

Discussion

Max 1mo ago

Its kind of up to the client implementation.

But as you say, in a compromised scenario we cannot trust relay lists, follows etc of that key.

The client could display all attestation events, with highlights for higher wot keys and follows / follows-of-follows. Arguably more information is better here, the algorithm can be simple or sophisticated.