I'll let someone smarter than me get into the weeds on this.
As I understand it, there was a lot of thought and even a spec created for key rotation, but it ends up creating more problems than it solves. See NIP-26 and the discussion around it:
NIP-26
Some issues discussing key rotation:
It's a lot to read, but it shows that our intrepid devs have not just ignored the issue. It is one that has been discussed multiple times at length without a good solution so far.
Bottom line: Don't stick your nsec into clients directly. Use a signer app to limit the potential for your private key to be compromised.
GitHub
nips/26.md at master · nostr-protocol/nips
Nostr Implementation Possibilities. Contribute to nostr-protocol/nips development by creating an account on GitHub.
Stateless key rotation using a series of hidden commitments · Issue #103 · nostr-protocol/nips
So the idea here is that Nostr apps could generate a series of keys for each user, all based on an initial seed. And they would show the seed and t...
Key rotation verified through root key attestation · Issue #116 · nostr-protocol/nips
The purpose here is to provide users with a mechanism to use revocable "hot" keys in less secure application-level contexts while keeping the root ...
Trusted public-key-bundle attestations for key rotation and group definition · Issue #123 · nostr-protocol/nips
Purpose The purpose of this NIP is to provide users with a mechanism to define a group of related keys that speak on behalf of the user (e.g. multi...
NIP-26: Delegation coordination flow, new events (general discussion) · Issue #247 · nostr-protocol/nips
Specifying delegation coordination between two apps is not in the scope of NIP-26, but some hints could be included; and some extra specification w...
Add key revocation method to NIP-26 · Issue #654 · nostr-protocol/nips
Motivation When using NIP46 for remote signing, people are expected to delegate keys with longer expiration dates using NIP-26 for convenience. If ...
some thoughts on identity · Issue #726 · nostr-protocol/nips
nostr is great! ...but, there is one fundamental problem I see. The identity. The major thing I currently dislike about clients, is the fact of exp...
Deprecates NIP-26 by vitorpamplona · Pull Request #1051 · nostr-protocol/nips
Linked Keys for Multi-Device Nostr · Issue #1810 · nostr-protocol/nips
Right now, using Nostr across multiple devices is a challenge. Either you: Share your master key (risky, especially on a phone). Use separate keys ...
NIP-A0: Keychains by mikedilger · Pull Request #1837 · nostr-protocol/nips
I think this is the simplest yet effective way to move towards master keys and device keys.
I have yet to compare this to other key management prop...
NIP-26 should not be discouraged - Ephemeral Keys are a key to improve key management UX · Issue #1959 · nostr-protocol/nips
Can we discuss why this NIP is unrecommended? I think that we ought to have a standardized mechanism to generate ephemeral keys; it allows us to cr...