Why can't I publish a key schedule event to my outbox relays, created and signed offline by my master key, that says that some device key is now revoked?
Are your outbox relays defined by your per-device key or by your master key?
I see that it would have to be the master key. *grumble grumble hrumph*
Noob here. What about NIP41 requires centralization? The announcement of the revocation? If so, could we remove the requirement for announcement? Could NIP41 suggest generating something like 12000 keys (1 per month for 100 years) instead of the proposed 256 in the NIP? Then everyone rotates on the first of the month if they want to? Too much processing on onboarding or recovery? Or too much of a pain for each client to download the list of 1200 keys for each of their contacts? If that’s too much, then rotate yearly. Puts the burden on clients, not relays (except load) or Nostr code. Remain backwards compatible for all existing keys. Clients could choose to care or not about rotated out keys. Clients could say “outdated contact, use caution” etc.
I suspect single key rotation and per-device keys require really different approaches. The latter is more similar to delegation. With a single key that rotates, the last used one is the authority and could sign the outbox relays, as hypothesized here: nostr:nevent1qqsz9huty7l7yvzw8n85vsd3phrj9fkpnun8qqdrjc5lyzhltjrr7sgpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygrmmmmmugka3evlgcqwq3922wsul966nhrayl04svauwldhsjjcq5psgqqqqqqsrgs8g8
The message defining those could be signed on a hardware device though, keeping the master key offline.
Yes. I haven't changed email providers or DNS providers in years. Once nostr settles down, changing relays will be a rare enough thing that requiring the master key to do it doesn't seem overly onerous to me.