 Key delegation on Nostr will never work. It's either NIP-46 or GTFO. 
 Key delegation: the ability to allow subkeys to speak on behalf of the main key with flexible revocation controls to protect the main key when subkeys leak. 
 That would be a token system like OAuth2 - but who's the central auth provider in a decentralized system? Could extend the relays to act as witnesses. 
 Wen Amethyst as nip46 client? 
 I started, but we do too many decryptions (1000s) in a second. I need to create a separate mode for NIP-46.  
 Yes please! 
 Could you clarify why not? 
1. It must be mandatory and coded by all relays and all clients. Otherwise, users will see broken experiences everywhere (things appear here as official accounts of a brand but not there, etc.).

2. Encryption and decryption are impossible with subkeys. For instance, we can encrypt DMs for all subkeys, but once you do it, you cannot revoke that anymore.

3. Replaceable events and all the indexing around it now must consider delegated keys whose authority can change over time on a simple re-broadcast. The entire indexing now needs to use the DB as a source for the index itself. It gets extremely complicated.

4. Now compound that complexity with the fact that we don't have a time chain on Nostr and things can appear in the past, future and different relays can and do have different versions of what's authorized at the same time. 

It's mess, on top of mess, on top of mess. 

All because we use raw pubkeys as the main address and not a time-resolvable DID for instance. 
 > All because we use raw pubkeys as the main address and not a time-resolvable DID for instance.

So much this. 
 Thanks for the clarification. 
 These are all really good points and may have changed my mind on the subject. That said, remote signing will only be used by a tiny minority of people. 
 Not really. Amber uses NIP-46 to sign and decrypt payloads from your phone. Desktops never see the nsec, only people's phones do. Every time an approval is required, Amber brings up a popup on the phone. 

That can come from your team members or from yourself on a separate device. 
 > Every time an approval is required, Amber brings up a popup on the phone.

That seems like a relatively high level of friction, and friction is a big killer of adoption. 
 I couldn't agree more 
 “I'll just stay quiet while the adults are talking” -me 
 It makes me sad but I agree. 
 💯 never gonna happen. 
 Why not? 
 What an ignorant thing for a dev to say. 
 Yeah yeah, I get it now. But it's not like it's theoretically impossible, the app devs just don't want to do the work. And I get that too, because delegation is so uncommon that it doesn't make sense to hack in the solution.

I get it, I yield, RIP NIP-26. 
 That being said, I will continue to long for API key-like, permission grants behavior on Nostr. 
 Never mind, nip46 has that. It's the offline keys that nip46 does not have. Still sorting out my thoughts.