nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z earlier creation date than nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 ๐ค (nostr.band)
Discussion
It just means that my account is less secure because I used all the early clients with this account :)
Delegated signing (nip26) is being worked on I hear, but is there a nip or work being done on full key rotation for situations like this where a key is compromised?
Lots of ideas for key rotation were proposed in the past, but no actual cryptographic reviews or implementations. Much less consensus. It's by far the weakest point of nostr and it really needs man/hours to get through.
Really something to work on before the unpredictable mass popularity arrives. #[6]โ #[7]โ are you guys working on / interested in bounties for this area? Or is best option to get nip26 working and just remake accounts with new airgapped parent key?
NIP-26 is bad.
in the least sexy but arguably most important cohort of issues esp for mass adoption (which does offset critically for now ๐ )
Also, cold keys with NIP 46 is probably better than nip 26. I have lots of questions on how to immediately deauthorize a key after the key and thus the token leaked with NIP26.
Yes, this.
๐
