What if we add another kind of "block/mute/warning" for compromised keys, so npubs can flag old accounts and/or "Compromised keys"?
#asknostr
Sorry Ghost, but I don't understand this solution. (I can't read or understand the technicals of it.)
Does this thing somehow show anyone visiting its profile page that other npubs are confirming that this specific npub is compromised?
NIP-58 would be great.
There is a design choice for the validity and issuance of the badge (who is the authority to say they are no longer in control, etc.).
Fantastic puzzle. Keen to explore
I think badge refreshing on some duration and to receive the badge you put some personal retrieval secret or allocate a trusted *badge* (another verified cat).
Huge and v challenging puzzle, but solvable and adds tremendous value.
Reading the repo, thanks for sharing!
The design would be less like “this account is nuked” and more like “this is still them”.
So it’s about maintaining attenuation, instead of proving loss of account?
Could be wrong but I would go that route I think!
Ah, OK, I got it, but who proves this attenuation? Other npubs?
If someone has my keys and can still post with them, that npub is being maintained but not by me.
It’s a method of rotating your nostr keys. You send a lineage event that cryptographically proves you are who you say you are. Clients read it and rotate with you.
In this case we are being asked to believe a new @Frank Corva is the real Frank and @The Daniel 🖖 is saying to us that we should trust him.
I’m not implying that he’s not the real Frank. I’m just saying that it should not rely on “other npubs confirming compromise.”
That creates a trust problem and turns identity into a vote.
@Tim Bouma
In a nutshell I’m proposing that we cold storage our nsec and only use it to generate disposable ones that we can use and throw away.
Key rotation and recovery sucks. Few of us (including me) have the foresight and resolve to create a key in cold storage for recovery purposes. That is the core idea, but I think we also need a social recovery mode for us mere mortals, including those who have lost their cold storage recovery key.
I agree. We need both and maybe a few more. Currently we have none.
🤙🏼🍀🫂
Thanks for taking the time to explain, Ghost, I appreciate it.
If you have time, check this thread please @miljan
One thing that can work well on Nostr is to migrate events from old keys. Just re-sign all the events and publish. Some relays don't allow very old events, though.