this is really cool, although I'm not sure how many people are going to setup a successor key and keep it safe before their secret key gets leaked

I like the idea of setting it up before hand as a solution to the hacker front-running the real users event though.

also it might not be necessary for relays to reject newer 101 events if clients dont look for the latest event. then again its possible the attacker could post a backdated event

NIP-101

=======

Fix for stolen secret key problem

----------------------------------

This NIP defines a solution that may be implemented by clients and relays for stolen keys problem. Lets say a user owns two accounts, uses A actively but wants to switch to B in case A is stolen.

- Secret key A sets a 'successor' pub B by storing an event with a new kind in a relay. Kind may be 101.

```json

{

"id": "...",

"pubkey": ".......AAAA........",

"created_at": 1669695536,

"kind": 101,

"tags": [

["successor", "...........BBBBBBBBB......."]

],

"content": "",

"sig": "...signature.by.AAAA........"

}

```

- In case secret key A is stolen, the owner of A uses secret B to start simply creating notes of any kind, or create one event with a new kind that says "B is now succeeding A". First option is easier, second is more elegant.

```json

{

"id": "...",

"pubkey": ".......BBBB........",

"created_at": 1769695536,

"kind": 1,

"tags": [],

"content": "Hey I am the owner of AAA and my secret key was stolen. This is my new account",

"sig": "...signature.by.BBBB........"

}

```

OR

```json

{

"id": "...",

"pubkey": ".......BBBB........",

"created_at": 1769695536,

"kind": 102,

"tags": ["p",".........AAAAAAAAAA..............."],

"content": "Hey I am the owner of AAA and my secret key was stolen. This is my new account!",

"sig": "...signature.by.BBBB........"

}

```

- Clients see B is active and show a warning that A is now stolen and B is the new one. Clients update the follows.

- Relays MUST block 101 events that are older than X days for this to work properly. X may be 7. Clients MUST fetch ONLY the first 101 from a relay that supports this.

What will happen if only a few relays implement this NIP?

---------------------------------------------------------

The attacker will use secret A to create a 101 with an older created_at. Clients will think the successor of A is actually was C..

The clients will see both B and C coming from relays. At this moment the client may choose to 'honor' the relays that implemented this NIP and choose B as the successor instead of C.

________

Requesting for comments. What does everyone think?

#[0] #[1] #[2]

any idea why event_refs and pubkey_refs are not being recognized as instance variables?

filters = Filter(pubkey_refs=['your_hex_pub'])

is giving me TyprError: __init__() got an unexpected keyword argument ‘pubkey_refs’

#[0]​ I have a really newb question about python-nostr.

I want to create a Filter() with author equal to my pubkey. How do I get my plain text npub or hex key into a type that can be passed to Filter()?

How is it 2023 and we’re still trusting a huge bag of Certificate Authorities to authenticate everything we do online? We knew this model was broken 30 years ago, but I guess we just don’t care about real security.

I’ve unlocked another notabot.net verification slot to give. Looking for someone I met at Nostrica who would like to get verified! The website now fully supports signing extensions so no need to trust it with your private key!

Have to admit I recently got sucked back into bird app for current events (banking crisis), and memes (SkullOfSatoshi).

I want to get back to Nostr over Twitter, and less social media over all. What are the cool desktop/web experiences to check out these days? Any new Nostr use cases to try outside of traditional SM?

Proud of you! 🤩

DeepL usage with Damus auto-translate so far. I’m guessing I will end on the max free plan quota. 16k char a day.

And the winner of the #nostropical hackathon's community choice award, and 25,000,000 sats, is the Nostr Follower DM Tool by #[0]. Congratulations!

And the winner of the #nostropical hackathon's community choice award, and 25,000,000 sats, is the Nostr Follower DM Tool by #[0]. Congratulations!

Anyone good at identifying snakes? Am having a hard time identifying this little one I found this morning..

Constraints are good. Notes should be short.

3D printer arrives today!

What should be my genesis print?

Digga...ich komm nicht mehr hinterher xD Zu viele Podcasts, zu viele neue Entwicklungen :D

NostrFollower

#[1]

Felix built a micro app for key migration. It notifies all of your followers to follow the new key via a dm and uses the nip-05 as a way of confirming that the person has changed their nsec/npub.