Replying to Avatar PABLOF7z

definitely key rotation/revocation is something we need to work on (I think is the last thing core to the protocol that is still kinda unresolved)

but that's unrelated to this; if an external signer is too hard for a user, key revocation is going to 1000000x harder.

Installing an extension is not hard, if anything, non-technical users tend to end up with a million shitty extensions they don't need; it could literally be a click away in most browsers

the current state of affairs is that even a simple warnings saying "install extension X, if you just paste your nsec here you might get rekt" even just that would be orders of magnitude better

(sorry for the rant, I could not sleep on the plane and I'm super tired 😂)
Avatar
Nicolas ₿ ⚡️ 🇦🇷🧉🤙💜 2y ago

I think we need to keep in mind that normal user by the time we plan for key revocation. We can't make it difficult for average Joe... you may have eventually set ups for highly skilled privacy and security focused folks but we need to have something super simple that is a lot better than the current stage even if it's not perfectly nuclear war resistant

hopefully we find something simple enough that would cover majority of the common mistakes and then if someone wants more and more security tthey can use external signers (as I do) etc.

Reply to this note

Please Login to reply.

Discussion

No replies yet.