There should be a way to lock a nsec to a username to discourage impersonation