Ya we need a way to associate a new key with the old one without revealing it to the world 

 I was working on that for my proposed nip41, i have to iterate over it again as it can be simplified, but it address how to set a new npub to migrate without revealing it 

 Is it possible to deploy a personal DNS type of solution for this? Similar to username NIP 05? That way your username remains tied to infinite npubs you specify?

Not a developer so curious if it’s even an option. 

 If we had good multi-key management, this wouldn’t be as big of an issue because you could just swap keys on different services. I guess nsec.app already makes this somewhat easy to do, if more clients supported it 

 "logging in" with Nostr is quite different than logging in with a traditional account. When done correctly, the service or platform being accessed never touches your keys/credential/secret. This limits the blast radius of a hack significantly. Can't and shouldn't think of it the same way that you think of "an account"  

 My 2 cents is major app devs need to agree to stop allowing priv key logins (or at least hid them in a sub-menu) and only extension or bunker. But that would mean every iOS app would stop operation. 

 Yea I think there are two situations:

1) Nostr client login

2) Platforms that allow you to login with Nostr

Eventually #1 will be everything, but in the meantime there will likely be a lot of #2s. For #2 the platform just has to be able to prove you have ownership of your npub, which can be accomplished through DM

 

 But then you can't throw away the "master" 

 Wouldnt need to would you? The subs would be the throw aways. 

 Being able to lose a key and needing to throw a key away are effectively the same thing.  Without having keys that are impossible to lose, the idea is that we should treat all keys as a throwaway entity in our designs. 

 “…we should treat all keys as a throwaway entity in our designs.”

Yes