 So you’re not using the priv key to sign any and every thing? 

For nostr, I was looking into a hardware signer device that would be able to have a whole nsecbunker running on it. But it seems like that doesn’t exist anymore 
Not even some things. The only thing we sign (yet) is just a very short-lived authentication token, which you send to your homeserver and get a good old cookie (session) in return, and you use that going forward.

In fact we also have a 3rd-party authorization spec (and working code), so you can allow a web app to obtain that session without uploading the keys to that 3rd-party app.

We will probably go even further and make your root key only used once in the beginning, then use a delegated key for logging in when you get signed out... but we haven't gone that far yet.

For now, you use your key as often as you sign in to Gmail... very rarely  
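The flow described above (sign a very short-lived token, trade it for a session cookie, then leave the key alone), as an added example that is not Pubky's or the poster's code: a constructed Go sketch that assumes Ed25519 keys, a hypothetical token encoding, and in-memory session storage, and that also rejects wrong-audience, expired and replayed tokens.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// Token is the only thing the root key ever signs: who, for which homeserver, until when.
type Token struct {
	PubKey    ed25519.PublicKey
	Audience  string
	ExpiresAt int64 // unix seconds
	Sig       []byte
}
func tokenBytes(pub ed25519.PublicKey, aud string, exp int64) []byte {
	return []byte(fmt.Sprintf("auth-v0|%x|%s|%d", pub, aud, exp)) // hypothetical encoding
}
// SignToken runs on the client: one signature, valid for ttl only.
func SignToken(priv ed25519.PrivateKey, aud string, now time.Time, ttl time.Duration) Token {
	pub := priv.Public().(ed25519.PublicKey)
	exp := now.Add(ttl).Unix()
	return Token{pub, aud, exp, ed25519.Sign(priv, tokenBytes(pub, aud, exp))}
}
// Homeserver redeems each token once for a random session cookie; the root key is not used after Login.
type Homeserver struct {
	Name     string
	Sessions map[string]ed25519.PublicKey // cookie -> logged-in key
	Used     map[string]bool              // replay protection: token sigs already redeemed
}
// Login checks audience, expiry, replay and signature, then issues a session cookie.
func (h *Homeserver) Login(t Token, now time.Time) (string, error) {
	switch {
	case t.Audience != h.Name:
		return "", fmt.Errorf("token is for %q, not this homeserver", t.Audience)
	case now.Unix() >= t.ExpiresAt:
		return "", fmt.Errorf("token expired at %d", t.ExpiresAt)
	case h.Used[string(t.Sig)]:
		return "", fmt.Errorf("token %x already redeemed", t.Sig)
	case !ed25519.Verify(t.PubKey, tokenBytes(t.PubKey, t.Audience, t.ExpiresAt), t.Sig):
		return "", fmt.Errorf("bad signature for key %x", t.PubKey)
	}
	h.Used[string(t.Sig)] = true
	cookie := make([]byte, 32)
	rand.Read(cookie)
	h.Sessions[hex.EncodeToString(cookie)] = t.PubKey
	return hex.EncodeToString(cookie), nil
}
```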
This is awesome. Seems like Pubky is building best-practice key management into the protocol / app