You would need an event signed with the first key that references the backup key, no?
If I get access to your private key, I can just publish an older event certifying a public key I control.
Anyone who tries to visit your account will be redirected to the oldest verified public key (my own).
Login to reply
Replies (1)
I think it might need its own NIP.