Oddbean new post about | logout
 remote signing is a bad idea, but it can be made local, with a reverse proxy and wireguard VPN and running a local NIP-46 bunker

but that's a pretty big obstacle for noobs to jump over, the flow needs to account for this, this is partly why alby is becoming de facto signing device for nostr web apps, and they locked that down to invite only, so this is a big onboarding problem

how do you encourage new users to use paid relays if none of the clients actually support the proper auth flow???? relay devs and relay providers are stuck behind the fence that nobody is building a gate in, still, 1 year later since the spec was made 
 Why is remote signing a bad idea? 
 because your nsec is far away from you 
 the only way i can see it working is if the remote service you connect to via wireguard and your bunker is running on your machine listening on your wireguard address... then the key is in your possession on your computer and not copied to another machine

there might be other ways to make a tunnel, but i know i can do it this way with wireguard already, it is very easy, i run my relay this way and it makes it internet accessible, i can even put all kinds of subdomains to point at any number of web servers i want to run 
 i could probably even set up a service that deploys all this automatically and all you have to do is install one program which opens the wireguard tunnel and signs for you, on your own device... could easily be made for all platforms too, it's a very small thing

would be a combination VPN/bunker service, so you get VPN protection in the deal 
 Nsec.app stores keys in your device, it's running inside browser service worker which is weken up by a push message if server detects that sw is sleeping and not replying