Good points.
Discussion
Something also worth mentioning on the encryption side is: you can't put the toothpaste back in the tube. Once someone, or governments, go hoovering up encrypted anything, if the encryption is ever found to be weak, your keys have now been compromised. We saw it happen with early SSL and the NSA, and it is likely still happening. But that was just passive attacking; this allows for unrecoverable active attacks.
To my knowledge, no other system functions with this much risk. I can't think of another scenario where a user doesn't have the ability to counteract an active attack.
- Certificate authorities can issue revocations to limit damage
- Bitcoiners can move funds if they get nervous or have many wallets
- SSH can issue new certs
- PGP can regen or issue revocations
- Passwords can be changed
- Bank accounts can be closed and reopened
- TLS connections are generally short lived
nostr keys have no countermeasure whatsoever.
Yes. Nostr is going nowhere without key rotation.
This is also exactly why sending around encrypted nsecs over the internet is not something to normalize.
100%
buuuuut … Encrypting nsec for private (everyday) use should still be best practice.
So … right now, I see the best “normie” onboarding experience is to simply encrypt and store (not share) their new nsec “in the cloud”. Let their “web of trust” do the key education. Here’s how:
- incentivize “nostr advocates” to invite their friends.
- ask for U&P (only) upon invite.
- create Nip05 with username.
- encrypt nsec with password.
- allow for logging in (anytime, to the onboarding client) with U&P and pasting OUT encrypted nsec for use in other clients.
- encourage advocates themselves to educate their new friends about key management, recommended clients, quality content and follows, and other Nostr pro tips all from WITHIN the onboarding app.
Tell me there’s a better way for onboarding today…
If we are strictly talking on-boarding, can't argue with that. A simple and secure solution first/default. If they want to leave/branch to other clients they can learn how to extract their keys, or try more secure management solutions.
Once client apps get better I can't imagine there will be as much client swapping as we do today. So it doesn't have to be easy to swap clients. I wouldn't swap so often if each client didn't have major UI issues that cause me to switch between them.
I also have to imagine some (or most) mobile clients will simply set up a nip46 signer in-app in the future anyway, so if users want to try other clients they just need their starter app, which is currently holding their keys, no nsec extraction necessary.