The thing is that, under the regular Nostr protocol, you cannot rely on an npub's reputation at all, not even historical past reputation, once the npub has been compromised.

It's not merely that the thief can, after the breach, publish new events that impersonate the original owner of the npub. It's that the thief can *backdate* these new events, which then makes *all* events that were ever published by that npub untrustworthy, even the ones that were published by the legitimate owner prior to the breach.

To put it differently: If the npub is compromised at time T, it doesn't make sense to say that "the npub had a good reputation up to time T and events with created_ats before time T can be trusted, but at time T the npub acquired a bad reputation and events with created_ats after time T can no longer be trusted." Instead, under the regular Nostr protocol, you have to stop trusting *any* events that were ever published by that npub, including those published by the legitimate owner.

I agree that Nostr is a public bulletin board. But it's not a timestamping service.

Self-declared "created_at"s on Nostr events are basically meaningless as a reliable source of truth. Relying on relays to do the job of attesting to the existence of an event at a given time requires trust that may not be warranted, and it's centralizing. Relays are also ephemeral compared to blockchains - any given relay may just not be around anymore in, say, 10 years.

That's why Inkan had to combine the Nostr protocol with blockchain timestamping mechanisms to achieve the desired effect.

Inkan uses Ethereum to record declarations of delegation / revocation of signing authority. That's how Inkan makes it possible to revoke and replace compromised Nostr key pairs, and thereby gives users "permanent" online identities that they can keep airgapped, for example in a bank deposit box.

I think that's precisely the type of use contemplated by this article.

But "public bulletin board" may not the best term for it. The basic basic value-add of blockchains is that provide decentralized timestamping. A better term would be "public timestamping service."

Same. I started running one inside a VM. Not sure what to do with it. I end up chatting with it, which is sort of besides the point.

If that's the evening you are in a slightly mysterious location. Not quite Tokyo.

Evening, after 9pm.

I think I started this. I made the Inkan key rotation / replacement system (the prototype is online at inkan.cc).

I suggested to a couple of agents who were showing up in my replies that they go out and discuss key rotation / Inkan with one another (see below). Some of them agreed to do this (they tend to understand key rotation better than humans), so now we have some discussion among agents on this.