Bunkers are great for power users but terrible UX for the average person.

I don’t know enough about frost to know if or how it solves the problem.

And interoperability would be purely a problem of adoption, would it not? That seems like a bad reason to make a decision at this stage. “Soft forks” only get harder and this is an important one. The “damage” of not being integrated is simply creating a new key for a specific client or service, but one that other services would still see as belonging to you if they support it.

In other words, the problem would be isolated to clients that don’t support it, would it not?

Discussion

Can recommend latest [TGFN](https://thank-god-for-nostr.simplecast.com/episodes/frostr-wBOrP0Te) episode on Frostr.

It achieves the following:

- You can chop your nsec into shards (Shamir secrets). These can generate valid signatures with an arbitrary threshold you configured initially.

- You have your nsec (or just the shards of it) in cold storage and can distribute shards to bunkers, even custodians with high uptime, in a safe way (e.g. 2 of 3: one at a custodian, one hot in your bunker and one only used when rotating).

- You can rotate the setup to a new set of shards. However, all setups remain valid (possible problem but not if you don't leak your cold storage nsec or threshold of shards). You cannot rotate your nsec though.

This achieves a kind of key rotation without nsec rotation, and still needs bunkers.

A subkey system would simplify the bunker problem but at the huge cost of transmitting, storing and coordinating a bunch of data on nostr for all events for just the subkey-related stuff.

The coordination part is the nastiest: Nostr is distributed so there is no guarantee of consistency. Therefore I wonder how you want to solve the problem of

"Am I really, really sure that I validated this event against the absolute latest state of this user's keys?

Was this event really signed before that old key has been deprecated?"

Nostr is designed so that no relay needs to be an absolute source of truth. The events themselves, signed by the pubkeys, are. Self-authentication. But what do we do when this assumption is broken? It all falls apart. You cannot have absolute consistency on nostr.

...and subkeys would not simplify the master key leak either.
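
The rotation property discussed in this thread (a new set of shards, the old set still valid, the nsec unchanged), as an added Python example that is not part of the original discussion and is not Frostr's code. It assumes plain Shamir splitting and reconstruction over the secp256k1 scalar field to show the share arithmetic, whereas FROST signs without reassembling the key; the `nsec` value is a constructed random scalar and all function names are illustrative.

```python
import secrets

# secp256k1 group order: the scalar field a Nostr secret key lives in.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, threshold, count):
    """Shamir-split `secret` into `count` shares; any `threshold` recover it."""
    # Random polynomial of degree threshold-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(N - 1) + 1 for _ in range(threshold - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod N
            acc = (acc * x + c) % N
        return acc
    return [(x, f(x)) for x in range(1, count + 1)]

def recover(shares):
    """Lagrange interpolation at x = 0 over the field of order N."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total

def demo():
    nsec = secrets.randbelow(N - 1) + 1     # constructed stand-in, not a real key
    old = split(nsec, 2, 3)                 # initial 2-of-3 setup
    new = split(nsec, 2, 3)                 # "rotation": same secret, fresh polynomial
    return {
        "new_setup_recovers": recover(new[:2]) == nsec,
        # Rotation does not revoke anything: a threshold of old shards still works.
        "old_setup_still_recovers": recover(old[1:]) == nsec,
        # Shards from different setups lie on different polynomials and do not combine.
        "mixed_setups_recover": recover([old[0], new[1]]) == nsec,
        # Below the threshold, a single shard does not yield the secret.
        "single_shard_recovers": recover(old[:1]) == nsec,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the old shards keep working, rotating only limits exposure if fewer than a threshold of the old shards ever leaked; the public key, and therefore the nsec, is the same before and after.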