hmm interesting.

on key rotation - i'm guessing if they wanted to trash the old key, maybe they wanted to trash all information and content related to that identity, including the nip-05 identifier? are there other reasons why someone would get rid of everything related to the old key, but keep the identifier?

what would help though is to carry forward your identity to a diff npub/nsec. Say for example, for whatever reason I have to clear off all connections to my nostr accounts - and i can't keep the nsec written anywhere if my laptop is compromised. In that case, it will be hard to log back in to my nostr account because an nsec is not easy to memorise. But with a nip-05, it can be a security layer to access your account. But i guess it has to be a private thing or maybe an in-built private security. then again, whatever has access can be compromised. tough world!

Discussion

I was speculating about a key rotation for a security breach, or because the user lost the private key. In these cases you *want* to create an easy way to connect the two accounts and promote the last one as official.

About your idea of using a nip-05 address to login: you could add to the json a new field "encrypted_key" and there store the nsec protected by a password using a widely used algorithm. This way, you can bootstrap your account starting with a new device, just fetching the nip-05 data and decrypting the nsec with a memorized password.
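
The idea in the reply above, sketched as an added example (not code from this thread or from any Nostr client): a nip-05 JSON document carrying a password-protected nsec, and the recovery step on a new device. The `encrypted_key` blob layout, the scrypt parameters, the choice of AES-256-GCM and the binding to the pubkey are assumptions; the key values are constructed.

```javascript
// Added example. "encrypted_key" is the hypothetical field proposed in the note
// above; it is not part of NIP-05. Blob layout and parameters are assumptions.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// The nostr.json file is public, so anyone can fetch the blob and guess
// passwords offline. The scrypt cost is the only brake on that.
const KDF = { N: 2 ** 15, r: 8, p: 1 };
const deriveKey = (password, salt, kdf) =>
  scryptSync(password.normalize('NFKC'), salt, 32, { ...kdf, maxmem: 64 * 1024 * 1024 });

function encryptNsec(nsec, password, pubkeyHex) {
  const salt = randomBytes(16);
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt, KDF), nonce);
  cipher.setAAD(Buffer.from(pubkeyHex, 'hex')); // bind the blob to this identity
  const ct = Buffer.concat([cipher.update(nsec, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { alg: 'scrypt+aes-256-gcm', ...KDF, salt: b64(salt), nonce: b64(nonce),
           ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

function buildNip05(name, pubkeyHex, nsec, password) {
  return { names: { [name]: pubkeyHex },
           encrypted_key: { [name]: encryptNsec(nsec, password, pubkeyHex) } };
}

// Returns the nsec, or null if the password is wrong or the blob/pubkey was altered.
function recoverNsec(doc, name, password) {
  const blob = doc.encrypted_key && doc.encrypted_key[name];
  const pubkeyHex = doc.names && doc.names[name];
  if (!blob || !pubkeyHex) return null;
  const un = (s) => Buffer.from(s, 'base64');
  try {
    const key = deriveKey(password, un(blob.salt), { N: blob.N, r: blob.r, p: blob.p });
    const decipher = createDecipheriv('aes-256-gcm', key, un(blob.nonce));
    decipher.setAAD(Buffer.from(pubkeyHex, 'hex'));
    decipher.setAuthTag(un(blob.tag));
    return Buffer.concat([decipher.update(un(blob.ct)), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM tag mismatch, or KDF parameters outside the memory bound
  }
}

// Constructed sample values, not real keys.
const SAMPLE_PUB = 'ab'.repeat(32);
const SAMPLE_NSEC = 'nsec1-constructed-placeholder';
const doc = JSON.parse(JSON.stringify(buildNip05('alice', SAMPLE_PUB, SAMPLE_NSEC, 'correct horse battery staple')));
```

Because the pubkey is authenticated along with the ciphertext, a server that swaps the `names` entry or the blob causes recovery to fail instead of silently returning a different key.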