gladly, giving it time since 2021, once you can switch your profile to new npub using frost bunker in a way that majority of clients continue getting your notes - let me know
Discussion
New npub? Why?
Because any key is bound to leak, with the probability being proportional to how often it is used and the required convenience
yeah, and this goal post switching with frost bunker is retarded.
update relay code to alias query based on npub and abstract it there... so that nostr notes published with compromised key are invalid after npub obsoletion date... that would be the start.
FROST actually avoids to leak the nsec, you just have a master key and (revocable) sub-keys. What's wrong with that?
Technically aliasing the npub seems a cleaner "classic" approach, but it's a burden for clients, and moving it to relays is not easier. At the end you still have to consider the case of a leaked (master) key, so a social recovery rotation seems a sensible approach for that, working in the meantime to make it a solution to be used in extreme cases.
yes, but we're talking about existing users. hence why I'm saying - when you can tell me how we can migrate our existing npub to new ones and clients effortlessly switch your notes, reputation and followers - then key rotation is implemented on Nostr. Everything else is a cope.
And this is classical pattern with devs wanting to keep the system/protocol simple, so they start throwing fancy terms to muddy the water and avoid adding complexity required to properly handle real world use case.
To create a FROST bunkers you do *not* need to migrate to a new npub, existent users can have a FROST bunker, simply we don't have a easy UI to do that (it is in progress right now).
When users will start pasting FROST bunkers around, instead of their nsec, the leak problem will be largely solved, and so all this key rotation fear.
I don't see any muddy water here. And FROST is complex, but its complexity seems applied on the "right" part of the system, causing little troubles to other parts.