2024-10-02 09:45:25

dtonon on Nostr: Nsec.app and local signers like Amber made custodial providers less interesting for ...

Nsec.app and local signers like Amber made custodial providers less interesting for tech-savvy and diligent users who know how to self-custody; but for onboarding a lot of casual newcomers, a custodial solution still seems to be a needed solution.

I'm reading the MuSig2 and Frost proposals. It's an interesting approach, but how do you ensure a robust infrastructure of more than 3 parties, which should be totally disconnected to demonstrate security? What incentives should these nsecbunker providers have? Do they get paid? And should the user choose them randomly and pay them separately? And what happens if a payment is not made, or if multiple nsecbunkers disappear at the same time, breaking the quorum?

An alternative solution is to offer a single custodial nsecbunker, supported by a well-known entity (OpenSats?) and build a really clear user experience to lead the user (maybe forced after x amount of time?) to self-custody their key. Of course, this kind of structure would immediately become a centralized weakness, and thus a clear target for anyone who wants to destroy Nostr. Not to mention that it is not an absolutely easy structure to create and manage with good security standards; who would actually do it?

I don't know what would be the most effective way to proceed. I would probably try to elaborate the Frost approach, paired with a really good UI to force the user to keep a backup and validate it randomly every so often.
Author Public Key
npub10000003zmk89narqpczy4ff6rnuht2wu05na7kpnh3mak7z2tqzsv8vwqk