dtonon on Nostr: I agree that delegation to other generic entities is not crucial, but a way to ...
I agree that delegation to other generic entities is not crucial, but a way to rotate/invalidate keys seems essential, isn't it?
What I worry about is that when onboarding increases, malware and scammers will follow, and a compromised key entails the loss of considerable value, and can also bring damage if the attacker uses it for malicious purposes. Such a situation would immediately drive the user away and create bad publicity for Nostr.
The only mitigating alternative I see, without touching the protocol, is for NIP-46 to impose itself and become the recognised standard, and *all* clients to use it by eliminating login via nsec.
Published at 2024-07-13 09:47:58
Event JSON
{
"id": "8e542bf68b8d2f976d7cbc054b62f0cf952c238d48e4b0ee2838cbeeb6085868",
"pubkey": "7bdef7be22dd8e59f4600e044aa53a1cf975a9dc7d27df5833bc77db784a5805",
"created_at": 1720864078,
"kind": 1,
"tags": [
[
"p",
"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
],
[
"p",
"fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"
],
[
"p",
"ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
],
[
"p",
"bfc058c9abb250a2f4f0f240210ae750221b614f19b9872ea8cdf59a69d68914"
],
[
"p",
"44dc1c2db9c3fbd7bee9257eceb52be3cf8c40baf7b63f46e56b58a131c74f0b"
],
[
"e",
"bd82bc2fa87925e00df67010a5b590c79904ca4a2d10ff1b53a3b938acf6d3bc",
"wss://nostr.mom/",
"root"
],
[
"e",
"5e0f7758b44e90462e2d35da02f14f155ae112813ca7002c76b175c82b102890",
"wss://chorus.mikedilger.com:444/",
"reply"
]
],
"content": "I agree that delegation to other generic entities is not crucial, but a way to rotate/invalidate keys seems essential, isn't?\n\nWhat I worry is that when onboarding will increase, malware and scammers will follow: and a compromised key entails the loss of considerable value, and can also bring damage if the attacker uses it for malicious purposes. Such a situation would immediately drive the user away and create bad publicity for Nostr.\n\nThe only mitigating alternative I see, without touching the protocol, is for NIP-46 to impose itself and become the recognised standard, and *all* clients to use it by eliminating login via nsec.",
"sig": "ea57ac2f417b5cb0290726d09d436699641422b792356e69dff9fea8228e75d21a1bc725adb4c2ff3415e0f7a28bba3d08ac7fbaa122f89e252710cf1a47491c"
}