Maybe I am misunderstanding you, but in your model it appears that any derived key that can produce a higher index is implicitly authoritative, because there is no separate authorization step.

A compromised device doesn’t need the seed forever, it just needs it once to jump the counter and publish a “newest” npub. From the network’s point of view, that looks indistinguishable from intent.

Cold Root Identity separates those roles. Derivation is cheap and local. Authority is explicit and verifiable. Clients don’t infer intent from an index. They verify an authorization.


Discussion

I agree that "hot" devices should never have access to a seed phrase, so they can't jump the counter. I'm just saying the cold root doesn't actually need to explicitly sign in the implicit version; migration can be instant, and the work for clients is basically negligible.

You’re right that implicit rotation can work in a perfect discipline model and does minimize client work.

The reason I still require explicit root authorization is survivability under failure. I want a cryptographic way to distinguish intent from accident or compromise, and a way to revoke or supersede a key after the fact.

Implicit “highest index wins” infers authority. Cold Root Identity makes authority explicit. That’s the tradeoff I’m choosing.
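The two client rules being compared above (the opening note's "any derived key at a higher index is authoritative" versus the explicit root authorization described in this reply) can be shown side by side. The following is an added example and not code from the Cold Root Identity project or from anyone in this thread; it uses Ed25519 from Go's standard library as a stand-in for Nostr's secp256k1 keys, an assumed HMAC-SHA256 derivation of hot keys from a seed, and a constructed record format with a tag byte so an authorization signature cannot be replayed as a revocation. `ResolveImplicit` is "highest index wins"; `ResolveExplicit` only accepts a hot key the cold root signed for and has not revoked, so a device that saw the seed once and derived index 99 wins under the first rule and is ignored under the second.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Announcement is what the network sees under implicit rotation: a hot key
// claiming an index, self-signed by that same hot key. (Constructed format.)
type Announcement struct {
	Index  uint32
	HotPub ed25519.PublicKey
	Sig    []byte // hot key's signature over bindingMsg('A', index, pub)
}

// Authorization is a cold-root-signed binding of a hot key to an index;
// Revocation is a cold-root-signed withdrawal of a hot key. (Constructed.)
type Authorization struct {
	Index   uint32
	HotPub  ed25519.PublicKey
	RootSig []byte // root signature over bindingMsg('A', index, pub)
}
type Revocation struct {
	HotPub  ed25519.PublicKey
	RootSig []byte // root signature over bindingMsg('R', 0, pub)
}

// bindingMsg is the canonical byte string that gets signed. The tag byte
// separates the authorization and revocation domains.
func bindingMsg(tag byte, index uint32, pub ed25519.PublicKey) []byte {
	msg := make([]byte, 5, 5+len(pub))
	msg[0] = tag
	binary.BigEndian.PutUint32(msg[1:], index)
	return append(msg, pub...)
}

// DeriveHotKey derives the hot key for an index from the seed. HMAC-SHA256 of
// the index under the seed is an assumed derivation chosen for brevity.
func DeriveHotKey(seed []byte, index uint32) ed25519.PrivateKey {
	var idx [4]byte
	binary.BigEndian.PutUint32(idx[:], index)
	m := hmac.New(sha256.New, seed)
	m.Write(idx[:])
	return ed25519.NewKeyFromSeed(m.Sum(nil))
}

func Announce(hot ed25519.PrivateKey, index uint32) Announcement {
	pub := hot.Public().(ed25519.PublicKey)
	return Announcement{index, pub, ed25519.Sign(hot, bindingMsg('A', index, pub))}
}

func Authorize(root ed25519.PrivateKey, hotPub ed25519.PublicKey, index uint32) Authorization {
	return Authorization{index, hotPub, ed25519.Sign(root, bindingMsg('A', index, hotPub))}
}

func Revoke(root ed25519.PrivateKey, hotPub ed25519.PublicKey) Revocation {
	return Revocation{hotPub, ed25519.Sign(root, bindingMsg('R', 0, hotPub))}
}

// ResolveImplicit is the "highest index wins" rule: whoever can produce a
// validly self-signed announcement at the largest index is treated as current.
func ResolveImplicit(anns []Announcement) (ed25519.PublicKey, bool) {
	var best *Announcement
	for i := range anns {
		a := &anns[i]
		if !ed25519.Verify(a.HotPub, bindingMsg('A', a.Index, a.HotPub), a.Sig) {
			continue // not even self-consistent, ignore
		}
		if best == nil || a.Index > best.Index {
			best = a
		}
	}
	if best == nil {
		return nil, false
	}
	return best.HotPub, true
}

// ResolveExplicit is the Cold Root Identity rule: the current key is the
// highest-index hot key the root has signed for and has not revoked. A key
// that merely exists at a higher index, without a root signature, is ignored.
func ResolveExplicit(rootPub ed25519.PublicKey, auths []Authorization, revs []Revocation) (ed25519.PublicKey, bool) {
	revoked := map[string]bool{}
	for _, r := range revs {
		if ed25519.Verify(rootPub, bindingMsg('R', 0, r.HotPub), r.RootSig) {
			revoked[string(r.HotPub)] = true
		}
	}
	var best *Authorization
	for i := range auths {
		a := &auths[i]
		if revoked[string(a.HotPub)] || !ed25519.Verify(rootPub, bindingMsg('A', a.Index, a.HotPub), a.RootSig) {
			continue // unsigned by root, or withdrawn by root
		}
		if best == nil || a.Index > best.Index {
			best = a
		}
	}
	if best == nil {
		return nil, false
	}
	return best.HotPub, true
}

func main() {
	rootPub, root, _ := ed25519.GenerateKey(nil)
	seed := []byte("constructed-demo-seed-do-not-use") // constructed sample seed
	hot1, hot99 := DeriveHotKey(seed, 1), DeriveHotKey(seed, 99) // 99: counter jumped
	cur, _ := ResolveImplicit([]Announcement{Announce(hot1, 1), Announce(hot99, 99)})
	fmt.Println("implicit picks the jumped key:", cur.Equal(hot99.Public()))
	cur, _ = ResolveExplicit(rootPub, []Authorization{Authorize(root, hot1.Public().(ed25519.PublicKey), 1)}, nil)
	fmt.Println("explicit keeps the root-authorized key:", cur.Equal(hot1.Public()))
}
```

The part a client implementer should take from this is the shape of the failure: `ResolveImplicit` cannot tell a deliberate migration from a counter jump because both look like a valid self-signed announcement, while `ResolveExplicit` needs nothing from the hot key at all, only a record the cold root signed, so supersession is a new root signature at a higher index and revocation is a root-signed withdrawal that the client honours even after the fact.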

Sounds good. I think it's a fair tradeoff.