Subnostr

utxo the webmaster 🧑‍💻 2y ago

Is there a way to implement revokable keys?

Like if I want to allow an app to post in my behalf without giving up my nsec?

Or a business Nostr profile when employees turn over?

Reply to this note

Please Login to reply.

Discussion

nobody 2y ago

Isn't that this proposal? It's like a nip without kind it seems

https://github.com/nostr-protocol/nips/blob/master/26.md

utxo the webmaster 🧑‍💻 2y ago

👀

nobody 2y ago

Sounded like it "For example, a user could generate new keypairs for each client they wish to use and authorize those keypairs to generate events on behalf of their root pubkey, where the root keypair is stored in cold storage."

utxo the webmaster 🧑‍💻 2y ago

Yes basically but if I understand correctly this isn't revokable, it just expires at a certain date time

nobody 2y ago

Im a newbbbbb

utxo the webmaster 🧑‍💻 2y ago

Same

nobody 2y ago

Seems we in the right place 🤙

nobody 2y ago

Just realized you said revocable 🤣 like I said, nostr newbbbb

⚡A C V⚡ 2y ago

The NIPS for this doesn't currently have revocability. Messages are too ephemeral and there's no mechanism for knowing that all nodes have seen the revoke message.

The best we have is if the relay has seen the message, the message itself sets an expiration. So if you delegate signing to another key for 3 days, 30 days, whatever, any relay that has seen this delegation will accept messages signed by the key until the time-out. If it hasn't seen the delegation message, though, it will reject them.

utxo the webmaster 🧑‍💻 2y ago

Hmmm, wouldnt seeing a revocation event just as likely/unlikely as the delegation event?

⚡A C V⚡ 2y ago

I suppose so. It's definitely been suggested that revocation is important, but it's not in there yet.

Carlos 2y ago

Thread on revoking nostr keys: #[0]