 Why? NIP-41 doesn't do that?

Let's hypothesize another solution.
Take a hierarchical deterministic keys structure, and publish the public master key. When a new key is used to sign something (it should be a special event for better visibility), clients are instructed to ignore all events from the previous keys.

Wait, but this doesn't block a malicious actor from signing and broadcasting events with a date in the *past*. These are the pain points. Is that what you are talking about?
To fix this, we should validate all past events with the new key, or let the new key invalidate/delete malicious events, and both hypotheses seem crazy, even if maybe the latter is feasible as an extreme solution.

Of course, we cannot block the broadcasting of old events, otherwise we would kill the uncensorable mechanism.

So we end up considering time-stamping events using the blockchain, which is also a huge pain and a heavy dependency.

I can see where centralization could arise. 
 I suspect single key rotation and per-device keys require really different approaches. The latter is more similar to delegation.
With a single key that rotates, the last used one is the authority and could sign the outbox relays, as hypothesized here:

nostr:nevent1qqsz9huty7l7yvzw8n85vsd3phrj9fkpnun8qqdrjc5lyzhltjrr7sgpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygrmmmmmugka3evlgcqwq3922wsul966nhrayl04svauwldhsjjcq5psgqqqqqqsrgs8g8
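
An added example, not written by any participant in this thread: a small model of the client-side filtering rules discussed above, showing why a self-asserted `created_at` cannot separate genuine old events from backdated ones signed with a retired key, and what an external timestamp would change. The `Event` fields, the policy names and the `anchored_at` proof are assumptions for illustration, and signature checks are assumed to have already passed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Event:
    id: str
    key_index: int                     # position of the signing key in the HD chain (assumed model)
    created_at: int                    # self-asserted by the signer, so it can be backdated
    anchored_at: Optional[int] = None  # hypothetical external proof: "existed no later than"

def accept(events, rotation, policy):
    """Return ids a client keeps after seeing `rotation` (first event of the new key).

    policy "drop_old":   ignore every event from earlier keys.
    policy "created_at": keep earlier-key events whose claimed date precedes the rotation.
    policy "anchored":   keep earlier-key events only if an external timestamp proves
                         they existed before the rotation (rotation must be anchored too).
    """
    kept = []
    for e in events:
        if e.key_index >= rotation.key_index:
            kept.append(e.id)          # current key: always accepted
        elif policy == "created_at" and e.created_at < rotation.created_at:
            kept.append(e.id)
        elif (policy == "anchored" and e.anchored_at is not None
              and e.anchored_at < rotation.anchored_at):
            kept.append(e.id)
    return kept

# Constructed sample data: key 0 is retired (and leaked) when key 1 appears at t=2000.
ROTATION = Event("rotate", key_index=1, created_at=2000, anchored_at=2005)
EVENTS = [
    Event("old-anchored", 0, created_at=1000, anchored_at=1010),   # genuine
    Event("old-plain", 0, created_at=1500),                        # genuine, never anchored
    ROTATION,
    Event("forged-plain", 0, created_at=1200),                     # made after t=2000, backdated
    Event("forged-anchored", 0, created_at=1300, anchored_at=2500),# anchored too late
    Event("new-note", 1, created_at=2100),
]

if __name__ == "__main__":
    for policy in ("drop_old", "created_at", "anchored"):
        print(policy, accept(EVENTS, ROTATION, policy))
```

In this model, "created_at" keeps both forged events, "drop_old" discards the whole pre-rotation history, and "anchored" rejects the forgeries but also loses genuine events that were never timestamped.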