Comment on Some interesting comments on the move
masterofballs@exploding-heads.com 1 year agoOk so the masterkey and the key server are the central authority. You can implement the same thing in nostr. For example, someone could just manage your key for you. And you interact through a normal username and password. I’m sure those kinda service will come about.
logen@exploding-heads.com 1 year ago
Well, you do all this on the client side. It’s just that the nodes would manage your pubkeys. (Which the might already do?)
If your key gets hijacked by someone, it’s nice to be able to push a revocation certificate, if nothing else.
masterofballs@exploding-heads.com 1 year ago
Well, what is the key server? It has to be a person, computer, blockchain. Something right?
logen@exploding-heads.com 1 year ago
Like a nostr node, anyone can set one up and they can share information with each other.
If you use Linux, you may notice that the keys are updated from time to time, that’s your system contacting keyservers to get a copy of the public keys to verify package integrety.
But yea, they have a central authority, kinda, but really it’s just a place for people to store their public keys so people can use it to verify cryptographically signed content, or encrypt data meant only for the owner of the key pair that the public key is attached to.
To me, it looks like nostr nodes do this, there’s just nothing implemented yet to recover a hijacked key. Tom (if anyone remembers him) could get a following of 10k people, happen to lose control of his private key, and then we are back to the same problem of a central authority banning someone… Possibly even worse because, well, identity theft without a way to proove it.
At this point, at the very least, I’d like the owner of the private key (regular users) to be able to send a revocation certificate to a node which will flag this particular public key as compromised. Other nodes will see this and the flag will spread. Revocation certificats can only be made by someone with access to the private key. So we shouldn’t have any censorship issues here.
tl;dr of everything I’m going on about here so far
I’d like nostr to implement a way for users to print out revocation certs, just like how we can backup our private keys, so that users have the ability to report compromised accounts to the nodes.
I’d also like there to be a system where we can recover from the above situation without having to start over and rebuild trust under a new identity. Such as having a backup key that can veryify a new key belongs to the person who’s claiming it.
We already have a solution for all this, it’s just a mater of nostr nodes supporting it.
masterofballs@exploding-heads.com 1 year ago
Back up isn’t really a problem atleast. You can access everyone’s followers on nostr. Everything is public. Person to person messages are kept private with encryption. If you lose your PK though those all become public.