Replying to Avatar HoloKat

He’s not wrong. Leaking your nsec is irreversible and password and accounts can be recovered.

We could fix this but it seems it would require cooperation from everyone. nostr:note1k3e40jm5negkzz9z3eezn5mt0u2z0ufddw65t2t6pk8zlmy6tfzsuewzl2
Avatar
Logen 10mo ago

I’m still failing to see how this wouldn’t be resolved with a nip-05.

If a user posts the nsec of the compromised account on the new secure account and the new secure account has an updated nip-05 pointing to the same URL as before.. Then nostr clients could be setup a feature to follow the new npub with the legitimate nip-05 and ignore the leaked account.

ie. If my nip-05 points to a new npub, and that new npub has posted the nsec of this old npub, autofollow the new npub and unfollow about the old one.

Even if someone with the private key of the compromised nsec attempts to update the nip-05 to a new one. The private key would be burnt to the new account and the client can verify the new npub with a new nip-05 lookup and burnt key combination.

I’m probably missing something obvious 🤓

Reply to this note

Please Login to reply.

Discussion

Avatar
HoloKat 10mo ago

Nip5 only works if everyone knows which domain you use as an identifier. This is a poor way to verify as there are many legit domains that may sound like the correct identifier - very prone to scams.

Avatar
HoloKat 10mo ago

Even then, you lose your entire social graph and have to rebuild it.