I don't know... everything feels so easily hackable when the stakes are high...

We could also not use bitcoin at all and keep the company's relay url in the expiration token. The relay url becomes the source of truth because it is controlled by the company. Clients just need to check the delegation authority written in replaceable events in that relay. In that way, we bake the "how to find the most up-to-date authorization replaceable" into the delegation token.

Kinda similar to a nostr-native NIP-05. The delegation is checked every time the post is displayed.  

But I truly think a better solution is a hardware signer that the company can write an nsec into and that the user can never take out or copy. The company could buy a few of those and hand them out. The signer connects to the company's system to check the expiration every time it signs. Once the company removes authorization, the device becomes a paperweight.
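As an added example (not from this post or from any Nostr client), here is a Python sketch of the client-side check in the relay-based variant above: the token names the company's relay, and the client treats the company's newest replaceable event on that relay as the source of truth for who is still authorized. The token fields, the `["p", pubkey, expiry]` tag layout and the relay data are assumptions constructed for the example; signature verification of the events is assumed to have been done by the client library.

```python
from dataclasses import dataclass, field

@dataclass
class Event:
    pubkey: str                 # author of the event
    created_at: int             # unix timestamp
    tags: list = field(default_factory=list)

def latest_authorization(events, company_pk):
    """Replaceable semantics: the company's newest event wins, older ones are superseded."""
    mine = [e for e in events if e.pubkey == company_pk]
    return max(mine, key=lambda e: e.created_at, default=None)

def authorized_until(auth_event):
    """Map delegatee pubkey -> expiry from ["p", pubkey, expiry] tags (assumed layout)."""
    return {t[1]: int(t[2]) for t in auth_event.tags if t[0] == "p"}

def delegation_valid(token, post, fetch):
    """Run on every display: the relay named in the token decides, not the token alone."""
    if post.pubkey != token["delegatee"]:
        return False, "post not signed by delegatee"
    if post.created_at > token["expires"]:
        return False, "token expired"
    auth = latest_authorization(fetch(token["relay"]), token["delegator"])
    if auth is None:
        return False, "no authorization event on company relay"
    expiry = authorized_until(auth).get(post.pubkey)
    if expiry is None:
        return False, "delegation revoked"     # dropped from the newest replaceable
    if post.created_at > expiry:
        return False, "authorization expired"
    return True, "ok"

# Constructed sample data: company key, two employees, the company's relay.
COMPANY, ALICE, BOB = "company_pk", "alice_pk", "bob_pk"
RELAY = "wss://relay.company.example"      # placeholder URL
RELAY_DB = {RELAY: [Event(COMPANY, 1000, [["p", ALICE, 2000]]),
                    Event(COMPANY, 1500, [["p", ALICE, 2000], ["p", BOB, 3000]])]}

def fetch(url):
    """Stand-in for a relay subscription; returns what the relay has stored."""
    return RELAY_DB.get(url, [])

# Token embedded in the post: names the delegator, delegatee and relay to consult.
TOKEN = {"delegator": COMPANY, "delegatee": ALICE, "relay": RELAY, "expires": 2500}

def revoke(pubkey, at):
    """Company publishes a newer replaceable event without `pubkey`; older tags no longer count."""
    keep = [t for t in latest_authorization(RELAY_DB[RELAY], COMPANY).tags if t[1] != pubkey]
    RELAY_DB[RELAY].append(Event(COMPANY, at, keep))
```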