I've been pondering key hygiene and the concept of key recycling.
We often rely on our npubs, but given the likelihood of these keys being compromised—or even the suspicion of compromise—it seems wise to abandon them for new keys from time to time.
This made me to consider a strategy less dependent on npubs and more resilient to such changes.
What if, instead of broadcasting our npubs for connections, we start using NIP-05 identifiers linked to our own domains?
This approach would allow us to maintain a consistent digital identity, even as we cycle through public keys for security reasons. I'm aware that owning a domain comes with its own set of challenges, including the risk of hacking. However, I believe the benefits of easily updating our public keys without losing our online footprint could outweigh these concerns.
This strategy could serve as an important part of our key management practice. By not tying our online identity directly to a single npub, we have something that lasts longer.
If I'm going to publish an article as a guest in a website I have no control, for example. I think it would be best to say what's my NIP-05 instead of putting my npub, right?
I'm curious to hear your thoughts on this.
Disagree wholeheartedly. Keys are what make Nostr so solid. Compromise is talked about way more than it happens and when it does, it's pretty quick to unfollow one key for another. Domains introduce counterparty risk so I wouldn't double down on them. NIP-05 is fine as a convenience but should not replace keys as the base layer of identity.
reply
Oh, good points. There's something I thought about but did not write: I was thinking that this is ideal when it's your own domain.
Agree that using someone else's domain is counterparty risk.
And still keep my position that telling everyone your npub in blogs and websites you are unlikely to edit again n the future is not good because eventually you will migrate to a different key. So, to correct my initial post: considering you have your own domain, it would be better instead to tell people to find you via your NIP-05. What you think?
reply
Even your own domain has counterparty risk. Two parties typically. I still think it's more of an interesting topic than a risk. Bigger risk with Nostr is it never grows beyond a small niche.
reply
"Not your domain name, not your NIP-05"
reply
Smart. You get the best of both worlds. Ownership and portability of nostr. Scalability and extensibility of nip-05.
What is needed is a standardized, extensible way of putting data in profiles and nip-05
I have been thinking for quite a while that we would benefit from a master key and subkeys. Only your master key goes in nip-05, but subkeys could be added. This would perhaps be only for next-gen apps because first gen would not know about it, but could transition if it's useful.
reply
Are you really the owner of a domain? You only have some rights to say that you are domain holder. Owning domains is something else and privileged to some big (non democratic) foundations / cooperations.
Having and holding your own keys is giving you much more ownership.
reply
Interesting point. Yeah, I was thinking owning a domain as in buying it in bluehost but I absolutely understand your comment. In any case I'm still not comfortable with the concept of a long-term strategy of communication telling people what is my npub considering that I will be abandoning keys from time to time
reply
Are you familar with https://nostr-nips.com/nip-26?
reply
I had another idea about this topic, using bip32 on nostr. Maybe it can be complemented with nip05... but maybe not necessary. Ill publish the proposal soon TM 🤙
reply