#[0] been thinking about your suggestion of an nsec nuking.

I think this should be implemented, but definitely not the way you proposed.

We’d need a change in the protocol.

Simplest idea I have is creating a master nsec that you can safeguard and derive normal nsec from.

This key MUST NOT be used to log in anywhere, best never touch the internet.

Then this key could be used to revoke a compromised nsec.

#[1] what are your thoughts?

Discussion

Why not NIP-26 Delegated Event Signing?

Looks like it is basically what I said.

Yes, this is definitely the safest approach to managing NOSTR keys. Just needs to be implemented by all the clients, browser extensions and wallet apps.
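
A client-side check of the NIP-26 delegation conditions brought up in the thread, as an added example that is not part of any post or of any Nostr client's code. The keys, token and event are constructed placeholders, the function names are hypothetical, and verifying the token's Schnorr signature is left out.

```python
import hashlib

def delegation_digest(delegatee_pubkey: str, conditions: str) -> bytes:
    """SHA-256 of the NIP-26 delegation string; the delegator key signs this digest."""
    return hashlib.sha256(
        f"nostr:delegation:{delegatee_pubkey}:{conditions}".encode()
    ).digest()

def parse_conditions(conditions: str):
    """Parse 'kind=1&created_at>A&created_at<B' into (kinds, after, before)."""
    kinds, after, before = set(), None, None
    for clause in conditions.split("&"):
        if clause.startswith("kind="):
            kinds.add(int(clause[len("kind="):]))
        elif clause.startswith("created_at>"):
            value = int(clause[len("created_at>"):])
            after = value if after is None else max(after, value)
        elif clause.startswith("created_at<"):
            value = int(clause[len("created_at<"):])
            before = value if before is None else min(before, value)
        else:
            raise ValueError(f"unknown condition: {clause!r}")
    return kinds, after, before

def delegator_for(event: dict):
    """Return the delegator pubkey if the event satisfies its delegation
    conditions, else None. Token signature verification is NOT done here."""
    tag = next((t for t in event.get("tags", [])
                if len(t) == 4 and t[0] == "delegation"), None)
    if tag is None:
        return None
    try:
        kinds, after, before = parse_conditions(tag[2])
    except ValueError:
        return None  # malformed conditions: treat the event as undelegated
    if kinds and event["kind"] not in kinds:
        return None
    if after is not None and not event["created_at"] > after:
        return None
    if before is not None and not event["created_at"] < before:
        return None
    return tag[1]

# Constructed sample data: placeholder keys and token, not real ones.
MASTER = "aa" * 32   # offline delegator key (hypothetical)
DAILY = "bb" * 32    # everyday signing key (hypothetical)
CONDITIONS = "kind=1&created_at>1700000000&created_at<1702592000"
EVENT = {"pubkey": DAILY, "kind": 1, "created_at": 1701000000,
         "tags": [["delegation", MASTER, CONDITIONS, "00" * 64]]}
```

Before attributing the event to the delegator, a client would also have to verify the tag's token as a signature by the delegator key over `delegation_digest(event["pubkey"], conditions)`.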