nostore for iOS signing and nsecbunker for a self-hosted authentication server. NsecBunker is more complicated, but super exciting.

I think I saw the same thread and it does seem logical that we add a key revocation kind into the spec. As of now there is no way for someone to aggressively inform their followers if their acct is compromised.

Discussion

The Twitter thread I saw is below. The simplicity of nostr definitely leaves something to be desired in terms of flexibility of key rotation with a spec like DIDs. Doesn’t mean the challenges aren’t solvable.

https://x.com/juansgalt/status/1690859466688774144?s=46

Is this the master key on a separate signing device that creates child keys that can be revoked and changed? A good idea for power users!

Once nsecBunker is more widely accepted I won’t even put my primary key into extensions anymore. Nostore and Nos2x will have a throwaway nsecBunker admin key that I can use to control the bunker where the real keys live encrypted by a password. Then the admin key can be rotated at will and the real keys never leave the server - kind of like a hardware device.

So the nsecBunker key is kind of like a master key, but it can be tossed since it’s not tied to your identity.