Nip05 is not secure. Any malicious server can add your pubkey to their well-known. Post-compromise, the same bad actor could immediately update the Nip05 field of your kind0….
Discussion
Right, I'm saying nip05 is the only real external validation nostr has. For this to work you'd need either the open timestamp attestation stuff on profile updates and/or the web of trust to keep track of nip05 domain changes. If the domain changes you lose the trust score. Something like that. I know it's prob not set up for this right now. For me, I use a nip05 that I manage personally; this may not work as well for nip05 provider services that log in with npub, hehe.
It's kinda like Keybase or a PGP key server: some external source of "hey, this is me now" outside of nostr.
Shouldn't the nip-05 only be relevant to the npub shown in the kind 0 that contains the URL spec for where to look for the nip-05?
Anything else on that domain that doesn't have that npub is surely irrelevant if there isn't a corresponding event signed by the same npub?
Right, so the flow would be: you get your key compromised, you post some kind of "hey, this key is compromised and here's the new one", and the new key's profile has the same nip05 address but with the new pubkey.
been wanting this forever
But it shouldn't delete the old events; instead they should show a little icon or something to indicate the new npub, and group the old npubs with the new npubs for filters and search results.
So there might be some more things to think about yet.
Ya, I mean, if my key was compromised tomorrow this is what I would do. I will always have control over cloudfodder@rogue.earth. The only thing is, maybe nobody pays close attention to nip05s, but they could. For example, I used to try to find people that way; when Jack deleted his completely I was like wth (it used to be @cash.app). But then they became almost as useless as a badge, because everyone just wanted a cool badge and the nip05 providers don't go and try to prove it's 'you' in any way other than probably with your nostr key. (That's broken because it makes nip05 useless imho.)
External validation is the only real way I see to do this kind of stuff. Whenever you validate some software via GPG you'll notice this problem: like, which key do I validate with? The answer is you check a few different sources, and if the key fingerprint matches you trust it more.
Yeah, and there are proper revocation certificates that can't be faked too; that's another one. And as I mentioned to semisol, a real HD keychain, ideally one that builds from a hardware wallet, so you can gen a new ID from the seed and probably can even use xpubs then to identify linked keys, but not change them unless the revocation is published.
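The thread argues two things about NIP-05 that are easy to get wrong in a client: the only mapping that matters is the one at the address named in the signed kind 0 of the pubkey being checked (a third-party domain listing your key proves nothing), and after a key rotation the same address resolving to the new pubkey is what makes the old key's profile fail verification. The following is an added example, not code from the thread or from any nostr client, showing that check in Python. It assumes the kind 0's signature has already been verified, and replaces the HTTPS fetch of `/.well-known/nostr.json` with constructed, in-memory documents for hypothetical domains; the pubkeys are placeholder hex strings, not real keys.

```python
"""Offline NIP-05 check: does the address in a kind 0 resolve to that kind 0's pubkey?

Constructed example. Real clients fetch
https://<domain>/.well-known/nostr.json?name=<local-part> over HTTPS;
here the fetch is replaced by an in-memory table of hypothetical domains.
"""
import json
import re

# Placeholder 64-hex pubkeys (not real keys).
ALICE_OLD = "a" * 64   # key that later gets compromised
ALICE_NEW = "b" * 64   # replacement key after rotation
SQUATTER = "c" * 64    # an unrelated third party

# Constructed stand-ins for nostr.json bodies, keyed by hypothetical domain.
WELL_KNOWN = {
    # Alice's own domain; "_" is the root name, shown as just "alice.example".
    "alice.example": json.dumps({"names": {"alice": ALICE_OLD, "_": ALICE_OLD}}),
    # A domain Alice does not control that lists her pubkey anyway.
    "squatter.example": json.dumps({"names": {"alice": ALICE_OLD}}),
    # Alice's domain after she rotated: the same name now maps to the new key.
    "alice-rotated.example": json.dumps({"names": {"alice": ALICE_NEW}}),
}

# NIP-05 local-part alphabet; the name is treated case-insensitively here.
LOCAL_PART = re.compile(r"^[a-z0-9._-]+$")
HEX_PUBKEY = re.compile(r"^[0-9a-f]{64}$")


def fetch_nostr_json(domain):
    """Stand-in for the HTTPS GET; returns the parsed document or None."""
    body = WELL_KNOWN.get(domain)
    if body is None:
        return None
    try:
        return json.loads(body)
    except ValueError:
        return None


def parse_nip05(address):
    """Split 'name@domain' (or a bare 'domain', meaning '_@domain') into (name, domain)."""
    address = address.strip().lower()
    if "@" in address:
        name, domain = address.rsplit("@", 1)
    else:
        name, domain = "_", address
    if not LOCAL_PART.match(name) or not domain:
        raise ValueError("malformed NIP-05 address")
    return name, domain


def verify_nip05(kind0_pubkey, kind0_nip05):
    """Return (ok, reason) for the nip05 field carried in a kind 0 signed by kind0_pubkey.

    Only the domain the signed kind 0 points at is consulted, so a mapping that some
    other domain publishes for this pubkey can neither verify nor deny it.
    """
    if not HEX_PUBKEY.match(kind0_pubkey):
        return False, "pubkey must be 64 lowercase hex chars"
    try:
        name, domain = parse_nip05(kind0_nip05)
    except ValueError as e:
        return False, str(e)
    doc = fetch_nostr_json(domain)
    if doc is None:
        return False, f"no usable nostr.json at {domain}"
    names = doc.get("names")
    if not isinstance(names, dict):
        return False, "nostr.json has no 'names' object"
    listed = names.get(name)
    if listed is None:
        return False, f"{name} is not listed on {domain}"
    if not isinstance(listed, str) or not HEX_PUBKEY.match(listed):
        return False, "listed value is not a hex pubkey"
    if listed != kind0_pubkey:
        # Either the name belongs to someone else, or the owner rotated keys.
        return False, f"{domain} maps {name} to a different pubkey"
    return True, "verified"


if __name__ == "__main__":
    cases = [
        (ALICE_OLD, "alice@alice.example"),          # normal case: verified
        (ALICE_OLD, "alice.example"),                # root "_" name: verified
        (SQUATTER, "alice@squatter.example"),        # squatter cannot claim the listing
        (ALICE_OLD, "alice@alice-rotated.example"),  # compromised old key: fails
        (ALICE_NEW, "alice@alice-rotated.example"),  # new key, same address: verified
    ]
    for pubkey, address in cases:
        ok, why = verify_nip05(pubkey, address)
        print(f"{pubkey[:8]}… {address:30} -> {ok} ({why})")
```

Note what the squatter case does and does not show: `squatter.example` listing `ALICE_OLD` does not let the squatter's own key verify as `alice@squatter.example`, and it only ever matters for Alice if a kind 0 signed with Alice's key points at that domain. Conversely, the rotation case is the whole mechanism from the thread: once `alice@alice-rotated.example` maps to the new key, a kind 0 the attacker publishes with the old key can no longer verify at that address, while the new key can.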