Comment on Some interesting comments on the move

<- View Parent
logen@exploding-heads.com ⁨1⁩ ⁨year⁩ ago

As I recall back when I did gpg encrypted email.

You can create a master key. You use this master key to sign other keys.

Keep that master key super safe.

The subkey is what you use in general practice.

You upload your public keys to keyservers, which I believe is what happens with nostr nodes.

Your master key can revoke the subkeys at any time. This revocation is sent to keyservers and the public key is marked as invalid so other people don’t trust it.

You then make a new subkey signed by your master key to prove it is still you, but with a new key, and upload that public key.

Now that’s the key people use to encrypt data for you, as opposed to the old revoked one.

Now, I’m not sure exactly how it works either with the keyservers or nostr, but it seems like it should be doable. Have an air gaped master key that is only used to sign the keys you use day to day, and it’s that master key’s signature that is the verification of your identity.

Bonus points to this system, I can have five different nostr apps each create their own key. I could later verify all those keys with my master key to prove each of these different keys belong to the same identity. With that verification, if implemented of course, the noster nodes could link all the pub keys signed by the same master key to help people follow an identity across different types of content.

I know I’m somewhat confusing different points I was trying to make, but it should all be possible.

source
Sort:hotnewtop