Replying to Avatar Steven Day

Thought about this for a second but haven’t worked out the UX.

- You have a main key 1234 and a secondary one generated 5678 separately (non derived from main key)

- your main npub has a kind 0 profile that has information that says that your “subkey” is 5678

- your subkey has a kind 0 profile event that just says “parent” 1234

- you use key 5678 and post a message

- clients that understand this will look up key 5678 kind 0 eventand see that it points to a parent key 1234.

- clients will check kind 0 event for 1234 and also see that it confirms the subkey.

If parent npub is compromised the subkey can disassociate.

If the sub key is compromised the parent key can disassociate.

Not sure of the UX because of having to manage multiple distinct keys to manage.

I might think more about this. Thoughts?
Avatar
Garbage nsec 1y ago

Nice. Earlier I was thinking along these lines for DMs to deal with the metadata issue without requiring gift-wrapping.

-Bob creates a secondary npub, this npub has no profile

-Bob messages Alice from the secondary npub with a special event called an 'It's me message' (IMM) or some such thing. This templated message contains Bob's actual npub

-Alice's client receives the IMM and sends back an IMM return (also an event type, contains a code valid for a period of time)

-Bob's client adds this code to Bob's profile, similar to adding a TXT record for DNS verification

-Bob's client sends a "go check" message to Alice

-Alice's client sees the code on Bob's profile and marks the DM chat as as being with Bob. Code is no longer needed.

The idea being this would all run over a few seconds, and Alice would not have to know anything about it if the verification failed.

Reply to this note

Please Login to reply.

Discussion

Avatar
Steven Day 1y ago

That’s interesting.

I had something similar for email on Nostr and paired contacts for high trust senders. Instead of using kind 0 it was more of using an addressable kind, sort of like an MX.

I have a backlog on the stuff I want to build…lol

Avatar
Garbage nsec 1y ago

Lol yeah, ideas wizzing around here. Also the issue of maintaining all those npubs with a sign-in extension or whatnot.

Avatar
Steven Day 1y ago

I’m going to publish a long form note with my thoughts on here including challenges.

I think it could be doable and just may have some limitations to be worked through and/or accepted.

For example, subkeys may have to inherit all the parent key attributes including relays and follows. If a client wants to make those changes it would have to be at the parent key level.

I also thought about “soft revocation” where you revoke a key but still want the previous posts to show as the parent key. Thinking of a company that is allowing an employee to post on behalf then they leave. If you just fully revoke, then all previous posts won’t show anything.

Stay tuned. Could be something or just a random idea that goes nowhere.