Key rotation on Nostr is not a feature request. It’s not some abstract future problem. It’s the core design flaw sitting under everything we’ve built.
https://untraceabledigitaldissident.com/cold-root-identity-a-survivable-model-for-nostr-keys/
Have you used frostr or a bunker?
Frost and Bunker are signing tools. Cold Root Identity is about how identity survives compromise over time. Different layer of the stack.
Frost or Bunker could implement it cleanly, but the article is about fixing the identity failure mode, not choosing a signer.
Yeah, but they are pretty decent options. You can use amber and then you have a cold nsec. You can also keep it hot and then rotate that "secret".
They improve key hygiene, not identity survivability. CRI separates authority from usage so compromise doesn’t end the identity. They are solving different problems.
Only probable solution seems to be hold a master key and use derived keys for apps, clients would have to remap a bit and mix in some Nip-05 that also kinda maybe a tiny petit solves a bit here.
That’s the idea. Cold master key, derived epoch keys.
The difference is continuity comes from cryptographic lineage, not NIP-05 or client remapping. Those are optional conveniences, not the foundation.
Couldn’t lineage also be kinda forked over ? But in practice I guess you correct, also not a single client supports any of these kinds of this practices. Everybody here still in raw dog mode 😆
It can fork, but only root authorized lineage matters. Clients follow the highest valid branch.
And agreed. Right now everyone’s still pretending long lived hot keys are fine.
I like the idea that a compromised key becomes a time limited event. Would deriving child keys be comparable to HD keys or BIP85?
Facts.
the lack of key rotation is also the only thing that makes nostr possible at all?
retard
with that said the solution you propose looks sensible and reasonable
Why does your privacy blog have cookies
