Someday I won't have to use my nsec on a hot device...
Early clients made the nsec a hot key because it was fast, simple, and got people posting in five seconds. Zero friction. Maximum adoption. And now the entire ecosystem is stuck carrying the blast radius of that shortcut.
The model we should have built from day one is simple and proven:
Root nsec (cold, offline) -> deterministic derivation -> epoch-based operational keys (hot) -> clients follow the epochs automatically -> rotation becomes normal, safe, and invisible
It needs a mental model shift:
  • Stop treating the root key as the thing you post with.
  • Start treating it as the thing you protect with your life.
  • Let the root define the family of keys.
  • Let the hot keys do the work.
  • Let time advance the lineage cleanly.
  • Make compromise lose its teeth.
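The root -> epoch key step described in the post above, as an added example that is not part of the original post and not taken from any Nostr client or NIP. The post names no derivation function, so HMAC-SHA256 keyed with the root, the 90-day epoch length, the `DOMAIN` label and all function names here are assumptions chosen for illustration.

```python
import hashlib
import hmac

# secp256k1 group order: a valid Nostr secret key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
EPOCH_SECONDS = 90 * 24 * 3600    # assumed rotation period (not from the post)
DOMAIN = b"example/epoch-key/v1"  # hypothetical domain-separation label


def epoch_index(unix_time: int, period: int = EPOCH_SECONDS) -> int:
    """Map a timestamp to the epoch whose operational key should be in use."""
    if unix_time < 0 or period <= 0:
        raise ValueError("timestamp must be >= 0 and period > 0")
    return unix_time // period


def derive_epoch_key(root_secret: bytes, epoch: int) -> bytes:
    """Derive the 32-byte hot secret key for one epoch from the cold root.

    HMAC-SHA256 keyed with the root is one-way: a leaked epoch key reveals
    neither the root nor the key of any other epoch.
    """
    if len(root_secret) != 32:
        raise ValueError("root secret must be 32 bytes")
    if not 0 <= epoch < 2**64:
        raise ValueError("epoch out of range")
    counter = 0
    while True:
        msg = DOMAIN + epoch.to_bytes(8, "big") + counter.to_bytes(4, "big")
        candidate = hmac.new(root_secret, msg, hashlib.sha256).digest()
        if 0 < int.from_bytes(candidate, "big") < SECP256K1_N:
            return candidate
        counter += 1  # out-of-range scalar (probability about 2^-128): retry


if __name__ == "__main__":
    root = bytes(range(1, 33))  # constructed sample root, never a real nsec
    now = 1_765_152_000         # constructed timestamp
    e = epoch_index(now)
    for i in (e, e + 1):
        print(i, derive_epoch_key(root, i).hex())
```

Because this derivation is keyed by the secret root, followers cannot recompute the chain from public keys alone; lineage discovery would need some statement the root publishes or signs, which the post does not specify.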
This has been hashed over a number of times; this was written without any actual research into the problem space. Child keys are too much work on the client, among other inanities with this approach.
A UX warning “New epoch key detected. This profile rotated.” That’s it.
lol.
It's actually much simpler, remote signing and a policy engine: https://auth.shock.network
This is how so much works in the enterprise, and for a social network to gain real traction big brands need to adopt it, and that means delegating revocable scoped permissions to interns and social media management suites; policy engines and remote signing are inevitable.
Focus is on wallet/pub rn of course but an SDK and enhancement to Sanctum is on the roadmap.
reply
102 sats \ 2 replies \ @ek 8 Dec
And because the keys derive deterministically from the cold root, clients that implement lineage discovery never lose track. They just follow the chain.
Derived keys are just normal Nostr keys
Just client side behavior. No permission from anyone.
They just need to add: [mentions four things that sound pretty complicated]
Just normal Nostr keys posting events.
I assume they didn't read #1294916
reply
0 sats \ 0 replies \ @m0wer 22h
🤣🤣🤣
reply
ooh, yeah that's a lot of justs.
reply