nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 nostr:npub1hyqrsvl6hle8r5rc9cpshesm0mpcee75tgde4p5lhke5h83dyqqqdwk7cp

About #keyrotation issue, proposal:

Let's have 2 npubs per profile. The master Npub is generated (preferably on airgapped seedsigner) and is the only one that is allowed to modify the master npub associated with the profile. The child npub is the one used for everyday signing and so on

If/when the child npub is compromised simply publish a profile update with new master and child npub. optionnally stamp blockheight+UTC after which the user wants to signal compromission

ideally the Nostr note publishing the new profile update should be QR coded from airgapped device

I know it's not perfect but it makes it already that much harder to break

until we are dependent on DNS we're kinda stuck even with DIDs... also we always forget about things like the proper nonces being used for signing messages etc.... we have no control over the client's source code and whether they are doxing or not