Oddbean new post about | logout
TheGuySwann | 1 months ago (raw) | root | parent | reply | flag +2 
 As someone who has tried very hard on multiple occasions to have secondary/sub keys and using nsec bunker to let others post with limited permissions to my key… I can confidently say it’s all trash. And I don’t mean that like nobody worked hard to build something cool, because I know people did, but it’s practically all unusable.
Marakesh 𓅦 | 1 months ago (raw) | root | parent | reply | flag +3 
 I was just thinking to myself this morning about nsecs and what to do if yours gets compromised? Is there a way one could have multiples linked together as you, so that you could deactivate one if it got compromised (or lost or something) and still proceed with your same identity and all your previous notes and social graph? It's not like you can just change your password as with other apps. 

Maybe an nsec bunker could help with this? Maybe it already does? Honestly, I've found them too confusing to use myself, and it sounds like nostr:nprofile1qqstnem9g6aqv3tw6vqaneftcj06frns56lj9q470gdww228vysz8hqpz4mhxue69uhk2er9dchxummnw3ezumrpdejqzrthwden5te0dehhxtnvdakqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcjgxv3n hasn't fared much better:
nostr:nevent1qqsxtw0z7rjce222sygzl9r9h244k26tusy9yyqjvz6npdajuqcgayqpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyzu7we2xhgry2mknq8v7227yn7jguu9xhu3g90n6rtnjj3mpyq3acqcyqqqqqqgld2k0g

#asknostr #askdevs
TheGuySwann | 1 months ago (raw) | root | parent | reply | flag +1 
 I think this is a supremely underrated necessity for a really great and secure Nostr experience.

Basically two main options to fix this, imo:
1. generate a new key for every single client you use, and then sign with a master key that “this is mine” and so every user sees them as all one account. 
2. generate sub keys *from* a master key that you can give specific permissions to and make a new one for each client, and it simply is allowed to reach out to a main device that has your master, and ask it to sign. (Basically the nsec bunker design)

Both open up a ton of possibilities. The first is easier, but requires more complication and data gathering from the client side it seems. The second has the problem of needing an always online device that manages the master key, or having some sort of “good for 100 posts” key or something somehow. 

Both are not easy, but both seem very possible. And I think this is far more important to have a system for than people recognize, imo.
mleku | 1 months ago (raw) | root | parent | reply | flag +1 
 a succession protocol would be very handy, but i think we won't see anything like it until at least nip-81 (a replacement and extension of follow/mute lists) is finalized and implemented
Evan | 1 months ago (raw) | root | parent | reply | flag 
 As a comparison, ‘app passwords’ on Bluesky have been in the app longer than feeds, gifs, videos, and any moderation tools other than mute. 

They are easy to create, revokable, single use passwords for use on third party apps and tools. The interface is stupidly simple, and it dramatically increases security of your main password for those that choose to use it.