Damus
inkan · 2d
This may in some ways be orthogonal to what you're doing, but maybe it's related enough to be of interest: nostr:nevent1qvzqqqqqqypzp5dxzjv0fvwuym0shmx350573re4t7mpfdm3az6mya7sl7v6s23rqy2hwumn8ghj7u...
Josh
In our model we’re not leaning on delegation, because the identity key is secured in hardware: it’s generated inside a secure element and never leaves, so the leakage that makes key rotation necessary mostly isn’t on the table. What we’ve built on top is purely an access layer, a way to generate and rotate bunker URLs remotely, so you can add or cut off clients and change relays without ever touching the key itself.

Thanks for the link though, very interesting. I’m checking it out.
inkan · 2d
Thanks, that's what I figured. I'm currently just using a non-networked version of Tails to generate the master key, and then putting an encrypted version of it on a USB. The master key most likely will have to be used only once, so it's easy to store copies in, say, a safe deposit box. There are probab...