A #nostr development idea that keeps kicking around in my head.
What if my private key is compromised? Is there anyway that I could get control back? If Nostr becomes big, and I had a lot of followers, this would be a really big deal.
I believe some sort of solution to this exists, as Steve Gibson developed a thing called SQRL. A neat authentication system that could replace passwords. It hasn't taken off, but it has a very elaborate setup that allows for "re-keying" your identity if you ever "lose your private key".
I'm pretty sure it boils down to this:
You have a private key that you use to authenticated yourself day to day.
You have a super secret private key that you can use to tell websites "My private key has been compromised!" Please update my public key to this new one.
Perhaps a standard for this should be added to Nostr.
The Documentation to SQRL is listed here, https://www.grc.com/sqrl/sqrl.htm The relevant idea is called "Identity Re-Keying"
I think there is a lot of wisdom in SQRL that might be applicable to nostr security.
kvvvk /
npub1w6…5nehl
2023-02-20 03:57:46
Author Public Key
npub1w6vtyz96sjtanpvew3550zjwet7t07zphhvn7lwu60s6wz8pfsqqy5nehlPublished at
2023-02-20 03:57:46Event JSON
{
"id": "86be61c17344824f98500c7c2f8dbb5b9e43b11d8cbb72361ce45f5889cdcf66",
"pubkey": "7698b208ba8497d985997469478a4ecafcb7f841bdd93f7ddcd3e1a708e14c00",
"created_at": 1676865466,
"kind": 1,
"tags": [],
"content": "A #nostr development idea that keeps kicking around in my head. \n\nWhat if my private key is compromised? Is there anyway that I could get control back? If Nostr becomes big, and I had a lot of followers, this would be a really big deal.\n\nI believe some sort of solution to this exists, as Steve Gibson developed a thing called SQRL. A neat authentication system that could replace passwords. It hasn't taken off, but it has a very elaborate setup that allows for \"re-keying\" your identity if you ever \"lose your private key\".\n\nI'm pretty sure it boils down to this:\nYou have a private key that you use to authenticated yourself day to day.\nYou have a super secret private key that you can use to tell websites \"My private key has been compromised!\" Please update my public key to this new one.\n\nPerhaps a standard for this should be added to Nostr.\n\nThe Documentation to SQRL is listed here, https://www.grc.com/sqrl/sqrl.htm The relevant idea is called \"Identity Re-Keying\"\n\nI think there is a lot of wisdom in SQRL that might be applicable to nostr security.",
"sig": "eee3487ee3ee886f9e77e060ca8bbc652b2c668b920f72ae14df5cb79035164d751be58c20ef08921e823218ab6722f629e5b95a07608572c7ae434003a9a86c"
}