It's a hard problem. The only simple thing I can think of is leveraging nip05, assuming you still have control over your nip05 you can use that to point to the new official npub. That wouldn't mean wot should pay close attention to nip05, ie, if/when it changes domains or etc. you would want to keep nip05 steady and grow trust with that.
Replies (5)
Oh, that's clever. That is really clever.
s/wouldn't/would/g
Nip05 is not secure. Any malicious server can add your pubkey to their well-known. Post-compromise, the same bad actor could immediately update the Nip05 field of your kind0….
I think better solution … for post or pre compromise npub migration … is for npubs to have set an “emergency contact” flag on one (or more) of their “is trusted” published events. (SovWot NIP is not yet written… but could include this flag for “is trusted” events)
Right, I'm saying nip05 is the only real external validation nostr has. For this to work youd need either the open timestamp attestation stuff on profile updates and/or the web of trust to keep track of nip05 domain changes. If the domain changes you loose the trust score. Something like that.. I know it's prob not setup for this right now. For me, I use a nip05 that I manage personally, this may not work as well for nip05 provider services that login with npub, hehe.
It's kinda like keybase or a pgp key server.. some external source of, "hey this is me now" outside of nostr.
