What's this sorcery?

nostr:note1egzpr30r9q2g4cr469d2c83ar04t7cmc0jggm33aczmvcsnurwzs3vycls  
 I wrote a NIP for account recovery and we need an implementation.

The TL;DR is:

whitelist a migration key to a private key you control but are not using actively (e.g. you generate the key and you keep it in a seed plate)

opentimestamp an event saying "this will be one of my possible next pubkeys"

if your current nsec is compromised you sign with the key in your seed plate an event saying "I fucked up my old key; I am now moving to my previously whitelisted key" -- your followers' clients would unfollow the old key and follow the new one (after a cool down period) 
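An added illustration (not code from the post, the NIP draft, or any nostr client) of how a follower's client could decide when to switch keys under the flow above: a whitelist event signed by the old key and externally timestamped, a migration event signed by the whitelisted key, and a cool-down before the switch. Kind numbers, the cool-down length, the `verify_sig` and `ots_time` callbacks, and the scenario data are all assumptions; the tie-break between competing migrations (earliest-attested whitelist wins) is my reading of why the timestamp matters, not something the post states.

```python
import hashlib, json

COOLDOWN = 7 * 24 * 3600        # assumed cool-down length; the post leaves it open
KIND_WHITELIST = 30100          # hypothetical kind numbers, not taken from the draft NIP
KIND_MIGRATION = 30101


def event_id(ev):
    """NIP-01 event id: sha256 over [0, pubkey, created_at, kind, tags, content]."""
    ser = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).hexdigest()


def make_event(pubkey, created_at, kind, tags, content=""):
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": kind, "tags": tags, "content": content}
    ev["id"] = event_id(ev)
    return ev


def choose_successor(old_pubkey, events, verify_sig, ots_time, now):
    """Return (status, pubkey): 'stay', 'pending' (cool-down running) or 'switch'. verify_sig(ev) is
    the client's real BIP-340 check; ots_time(ev) is the OpenTimestamps-attested time of ev's id or None."""
    good = [e for e in events if e["id"] == event_id(e) and verify_sig(e)]
    p = lambda e: [t[1] for t in e["tags"] if t[0] == "p"]
    # Whitelists count only if signed by the old key AND externally timestamped: a thief who later
    # steals the nsec can publish a whitelist too, but cannot backdate its timestamp proof.
    attested = {}
    for e in good:
        if e["kind"] == KIND_WHITELIST and e["pubkey"] == old_pubkey and ots_time(e) is not None:
            for pk in p(e):
                attested[pk] = min(attested.get(pk, ots_time(e)), ots_time(e))
    # A migration is valid if signed by a whitelisted key and dated after that key's attestation.
    cands = [e for e in good if e["kind"] == KIND_MIGRATION and old_pubkey in p(e)
             and e["pubkey"] in attested and attested[e["pubkey"]] < e["created_at"]]
    if not cands:
        return ("stay", old_pubkey)
    best = min(cands, key=lambda e: attested[e["pubkey"]])   # earliest-planned successor wins
    if now < best["created_at"] + COOLDOWN:
        return ("pending", best["pubkey"])
    return ("switch", best["pubkey"])


def demo():
    """Constructed scenario: the owner whitelisted 'seedplate' long before 'old' was compromised."""
    wl = make_event("old", 1_000, KIND_WHITELIST, [["p", "seedplate"]], "possible next pubkey")
    evil_wl = make_event("old", 5_000, KIND_WHITELIST, [["p", "evil"]])       # posted by the thief
    evil_mig = make_event("evil", 5_100, KIND_MIGRATION, [["p", "old"]])
    mig = make_event("seedplate", 6_000, KIND_MIGRATION, [["p", "old"]], "old key compromised")
    ots = {wl["id"]: 1_050, evil_wl["id"]: 5_050}   # attestation times the client got from OTS proofs
    run = lambda evs, now: choose_successor("old", evs, lambda e: True, lambda e: ots.get(e["id"]), now)
    return {"no_events": run([], 6_100),
            "just_after": run([wl, evil_wl, evil_mig, mig], 6_100),
            "after_cooldown": run([wl, evil_wl, evil_mig, mig], 6_000 + COOLDOWN)}
```

In `demo()` the thief's own whitelist and migration are well-formed and validly signed, yet the client still lands on the seed-plate key because its whitelist was attested first; without any pre-timestamped whitelist the thief's migration would have been the only candidate.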
It's about the best thing you could do for relayed events.. the scenario of not everyone adopting the technique and then accounts that are compromised have a clear runway to cleanly hijack the account into one you don't still have the key to.. doesn't seem a ton better.

This is why having something external to Nostr, or external to the events seems like the way.  We already sort of push for that anyway with GPG right (and on nostr), by saying, here's my pubkey, it's on my GitHub/Twitter.. and etc.

This is also why I really kind of like the NIP05, but only if you control the domain..  maybe something similar to nip05 but without having to own a domain, like a message on the blockchain saying "here are my next 5 accounts"