Oddbean new post about | logout
Vitor Pamplona | 2 months ago (raw) | root | parent | reply | flag 
 But priv keys will be used only once. There is no need to expose the private keys.
anton | 2 months ago (raw) | root | parent | reply | flag +2 
 I was thinking in the context of nips 41 and 109, and around how to improve key safety. Imo master key should never touch a mobile device - if you don’t let the master key touch a mobile device or other low trust environment, but you do let a child key, then if you expose your xpub, it undermines the whole security model of having a well protected master key.
anton | 2 months ago (raw) | root | parent | reply | flag 
 A more clumsy but functional option is to list child keys signed by the master key
Vitor Pamplona | 2 months ago (raw) | root | parent | reply | flag 
 yeah no, my suggestion was for regular anonymous posts, not for DMs or identity management. The point was to have a seed that you can expose your xpub to friends and colleagues, but not to the whole web. It can leak, so it is never actually private.
anton | 2 months ago (raw) | root | parent | reply | flag 
 I see. It still reduces the key security overall but I understand what you’re going for.