We need to develop a system of parent and child keys on #Nostr that can be managed by an admin key. This admin key could potentially utilize multi-signature functionality for added security.

This system would serve two important purposes:

1. It would eliminate the need to create a new npub (public key) in case of a compromised key.

2. It would be particularly beneficial for businesses, especially those that outsource their social media management.

Many businesses hire external individuals or agencies to manage their social media accounts. If any of these individuals compromise the key, either accidentally or intentionally, or attempt to retaliate against their former employer (which has been known to happen), the admin key or keys could lock the child keys of those employees when they no longer require access to the account.

It's unreasonable for businesses to have to navigate this vulnerability when the consequence of failure is having to start a new npub. A hierarchical key system would provide a much-needed solution to this problem.


Discussion

Interesting idea, could be very useful.

I wonder 1) how many businesses are on nostr and 2) have it as their primary social. Wondering if there is some way to track the # of businesses on nostr. Would likely be a crude metric I guess.

I also wonder if these sub accounts could have different posting permissions. Like top level posting and 'reply only or DM only' posting.

Gonna post a NIP?

Lack of key rotation seemed to be MicroStrategy's objection to nostr.

completely agree. 100%. been bitching about this

Booo JBOK is more fun; feels like the good ol' days

There are already some initiatives in this direction:

https://github.com/nostr-protocol/nips/pull/1450

#subkeys ... many of us have been saying this for a long time

Have made a couple of notes to this effect, would be a game changer for account security.

Could nsubs expire (after, say, 24hrs)? The nroot just updates it over another service, simplex etc. No need for extra computation then?

Yes! The note below is where I first started thinking along the same lines as you. Having been at an agency where brands were navigating social account permissions, the nsec/npub pair alone will be a nightmare.

nostr:note1ssw0ejacstp6ygtjltl7r0npnnx53a7nxtzvdyuxszclm6lc62gsq9mydx

Here’s the current draft of the idea…

https://github.com/swbratcher/nips/blob/master/NSUB.md