I’ve been seeing this in some places—what say you to folks that say we can’t hit mainstream adoption with #nostr until there’s “password (nsec) reset/recovery” functionality?

What are all major tools for nsec storage and signing atm? I know Alby, nos2x and flamingo

Discussion

nostore for iOS signing and nsecbunker for a self-hosted authentication server. NsecBunker is more complicated, but super exciting.

I think I saw the same thread and it does seem logical that we add a key revocation kind into the spec. As of now there is no way for someone to aggressively inform their followers if their acct is compromised.

The Twitter thread I saw is below. The simplicity of nostr definitely leaves something to be desired in terms of flexibility of key rotation with a spec like DIDs. Doesn’t mean the challenges aren’t solvable.

https://x.com/juansgalt/status/1690859466688774144?s=46

Is this the master key on a separate signing device that creates child keys that can be revoked and changed? A good idea for power users!

Once nsecBunker is more widely accepted I won’t even put my primary key into extensions anymore. Nostore and Nos2x will have a throwaway nsecBunker admin key that I can use to control the bunker where the real keys live encrypted by a password. Then the admin key can be rotated at will and the real keys never leave the server - kind of like a hardware device.

So the nsecBunker key is kind of like a master key, but it can be tossed since it’s not tied to your identity

Imagine when signing up for Damus the prompt “do you want to save this nsec to your a*ple ID and link your a*ple lightning wallet?”

Haha nooooo.

I mean I think this line of questioning that I stated above is a slippery slope, but it is the type of question mainstream folks ask and one we should have answers to give, or a way to redirect to show them *why* that’s not the case here, tools to help with this, etc.

Same thing with bitcoin self-custody, keys, backups, etc

Sovereignty always implies responsibility. Given that some people's (and my) life savings are behind a seed phrase, it's difficult to understand this argument when it's dealing with their access and/or reputation on a platform used for memes.