pull down to refresh
252 sats \ 3 replies \ @zy OP 21 Dec 2022 freebie \ on: What is the best way to secure a Nostr private Key? nostr
As I reflect further on compromised private keys in the context of Nostr, would this be a solution?
-
Design the protocol to allow use of child private keys that can be rotated when needed (created from an always offline parent private key)
-
Create a database where users can submit compromised child private keys
-
Clients check that database and sensor content posted by those keys after the time which they were submitted to the database
Thoughts?
(Happy to discuss / work on this concept further if anyone is interested; and I suppose the above database could be extended beyond just Nostr private keys)
SQRL is a protocol that does the whole decentralized identity thing, but almost no one uses it because most websites are centralized anyway. It looks to me like its a perfect match for nostr. It's well thought out and handles compromised identities with rekeying using a rescue code.
Seems like everyone is reinventing the wheel these days (unknowingly), but it looks to me like the solution is already there, its just needs to be made nostr friendly/compatible.
SQRL intro Q&A:
https://sqrl.grc.com/pages/introductory_questions_and_answers/
reply
lnurl-auth is simpler and builds on the key management already available in ln wallets
https://fiatjaf.com/e0a35204.html
reply
Interesting! I didn't know about the added complexity due to fishing
reply