arthurfranca on nostr

Why do some people want key rotation on Nostr? That's bad.

Like, you DM me about secret stuff, then I rotate to a new key, then I reveal my old key for anyone to decrypt and read those messages with proof that you wrote them.

Am I missing something?

Technical Debt · 5w

Yeah, praying that your nsec never leaks is the sane thing to do 🙏

frphank · 5w

You use rotating keys for signing, not for encryption. For encryption you can look at something like the double ratchet protocol. You basically create ephemeral keys that you throw away instead of revealing them.

inkan · 5w

I'm not sure I'm following. Why would key rotation require you to reveal an old key that wasn't revealed before? I'd think of key rotation as the user announcing that, from now on, they won't use key pair X for signing events but will instead use key pair Y. In doing so, no old keys are revealed to...

arthurfranca · 5w

thx for the different points of view. they have helped me improve a draft chat spec I wrote some time ago. I want to position it between nip-17 and marmot in terms of ease of implementation, functionality and privacy.