Replying to Avatar GHOST

Maybe I am misunderstanding you but in your model, it appears that any derived key that can produce a higher index is implicitly authoritative, because there is no separate authorization step.

A compromised device doesn’t need the seed forever, it just needs it once to jump the counter and publish a “newest” npub. From the network’s point of view, that looks indistinguishable from intent.

Cold Root Identity separates those roles. Derivation is cheap and local. Authority is explicit and verifiable. Clients don’t infer intent from an index. They verify an authorization.
Avatar
asherp 1w ago

I agree that"hot "devices should never have access to a seed phrase, so they can't jump the counter. I'm just saying the cold root doesn't actually need to explicitly sign in the implicit version, migration can be instant, and the work for clients is basically negligible.

Reply to this note

Please Login to reply.

Discussion

Avatar
GHOST 1w ago

You’re right that implicit rotation can work in a perfect discipline model and does minimize client work.

The reason I still require explicit root authorization is survivability under failure. I want a cryptographic way to distinguish intent from accident or compromise, and a way to revoke or supersede a key after the fact.

Implicit “highest index wins” infers authority. Cold Root Identity makes authority explicit. That’s the tradeoff I’m choosing.

Avatar
asherp 1w ago

Sounds good. I think it's a fair tradeoff.