dvdc on Nostr: What are your thoughts on a chain of trust structure for nsecs? A user would have a ...
What are your thoughts on a chain of trust structure for nsecs? A user would have a root nsec stored on a hardware device. When a Nostr app wants to authenticate a user, it can request a signed event from the root nsec to attest for the newly generated client-specific nsec. The root nsec stays secure and can revoke the client nsec later, and the client doesn't need to deal with any remote signing.
Published at 2024-08-24 15:15:18

Event JSON
{
  "id": "3c5f0f29b4418a3b8ce6571d91080fe971246bb4480687b2be3a25211546c47e",
  "pubkey": "6b1b8dac34ffc61d464dfeef00e4a84a604e172ef6391fb629293d6f1666148c",
  "created_at": 1724512518,
  "kind": 1,
  "tags": [
    [
      "e",
      "2b8d8fb2b84e6636156cbe9aaf3c82e6862de1f41c6b179ee44dc4047f0b3db4",
      "",
      "root"
    ],
    [
      "p",
      "fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"
    ],
    [
      "p",
      "e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411"
    ]
  ],
  "content": "What are your thoughts on a chain of trust structure for nsecs? A user would have a root nsec stored on a hardware device. When a Nostr app wants to authenticate a user, it can request a signed event from the root nsec to attest for the newly generated client-specific nsec. The root nsec stays secure and can revoke the client nsec later, and the client doesn't need to deal with any remote signing.",
  "sig": "6d42a684d0d39ac41af7f8c11166d3a2f555cb7f154a827461e03baa45b993d4db601997731948f848d4876eba56bd53886d091da0033a421f6ecd0b41c1bb77"
}