Oddbean new post about | logout
Magister Michael Dilger M.Sc. | 4 months ago (raw) | root | parent | reply | flag +1 
 I want my master key offline, and per-device signing keys online. That isn't centralization.

And I cannot do that with NIP-46 where the bunker has to be online.

The only solutions to provide this that I can conceive of are major breaking changes.

My keypair has leaked all over the place and it is only by the grace of god that people haven't noticed and posted as me.  But as of today there is almost zilch I can do about it.
fiatjaf | 4 months ago (raw) | root | parent | reply | flag 
 You're talking about delegation, I'm talking about rotation.

But your stuff also can't be done reliably because there is no way to revoke your per-device signing keys without a centralized server telling everybody that a key was revoked.
Magister Michael Dilger M.Sc. | 4 months ago (raw) | root | parent | reply | flag 
 Why can't I publish a key schedule event to my outbox relays, created and signed offline by my master key, that says that some device key is now revoked?
fiatjaf | 4 months ago (raw) | root | parent | reply | flag 
 Are your outbox relays defined by your per-device key or by your master key?
Magister Michael Dilger M.Sc. | 4 months ago (raw) | root | parent | reply | flag 
 I see that it would have to be the master key.  *grumble grumble hrumph*
Joe | 4 months ago (raw) | root | parent | reply | flag 
 Noob here.

What about NIP41 requires centralization? The announcement of the revocation? If so, could we remove the requirement for announcement?

Could NIP41 suggest generating something like 12000 keys (1 per month for 100 years) instead of the proposed 256 in the NIP? Then everyone rotates on the first of the month if they want to? 
Too much processing on onboarding or recovery? Or too much of a pain for each client to download the list of 1200 keys for each of their contacts? If that’s too much then rotate yearly Puts the burden on clients, not relays (except load) or Nostr code. Remain backwards compatible for all existing keys. Clients could choose to care or not about rotated out keys. Clients could say “outdated contact, use caution” etc.
dtonon | 4 months ago (raw) | root | parent | reply | flag 
 I suspect single key rotation and per-device keys require really different approaches. The latter is more similar to delegation.
With a single key that rotates, the last used one is the authority and could sign the outbox relays, as hypothised here:

nostr:nevent1qqsz9huty7l7yvzw8n85vsd3phrj9fkpnun8qqdrjc5lyzhltjrr7sgpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygrmmmmmugka3evlgcqwq3922wsul966nhrayl04svauwldhsjjcq5psgqqqqqqsrgs8g8
bu5hm4nn | 4 months ago (raw) | root | parent | reply | flag 
 The message defining those could be signed on a hardware device though, keeping the master key offline
Magister Michael Dilger M.Sc. | 4 months ago (raw) | root | parent | reply | flag 
 Yes.

I haven't changed email providers or DNS providers in years. Once nostr settles down, changing relays will be a rare enough thing that requiring the master key to do it doesn't seem overly onerous to me.
james r | 4 months ago (raw) | root | parent | reply | flag 
 I haven't changed email providers in years too, in fact I never changed, because it's impossible!