Why Nostr? What is Njump?
2023-02-20 03:57:46

kvvvk on Nostr: A #nostr development idea that keeps kicking around in my head. What if my private ...

A #nostr development idea that keeps kicking around in my head.

What if my private key is compromised? Is there anyway that I could get control back? If Nostr becomes big, and I had a lot of followers, this would be a really big deal.

I believe some sort of solution to this exists, as Steve Gibson developed a thing called SQRL. A neat authentication system that could replace passwords. It hasn't taken off, but it has a very elaborate setup that allows for "re-keying" your identity if you ever "lose your private key".

I'm pretty sure it boils down to this:
You have a private key that you use to authenticated yourself day to day.
You have a super secret private key that you can use to tell websites "My private key has been compromised!" Please update my public key to this new one.

Perhaps a standard for this should be added to Nostr.

The Documentation to SQRL is listed here, https://www.grc.com/sqrl/sqrl.htm The relevant idea is called "Identity Re-Keying"

I think there is a lot of wisdom in SQRL that might be applicable to nostr security.
Author Public Key
npub1w6vtyz96sjtanpvew3550zjwet7t07zphhvn7lwu60s6wz8pfsqqy5nehl