NIP-24: Add 'moved_to' tag to support identity migration #1906
Conversation
|
Someday someone will write a full-featured key rotation spec. This simple version isn't terrible, but it can be abused if (for example) your key gets leaked and the attacker migrates your key to one of their own, permanently locking you out of your account. To that point, what happens if you remove the moved to tag? Or if you rotate to someone else's existing key? |
|
I understand what you're saying, but isn't the purpose of taking over an account to be able to manage it? Also, even without the 'moved_to' tag, the person who takes over the account can still change the user metadata. I don't say it's great but I think the 'moved_to' tag is more useful than notes like 'I'm switching to this npub because I leaked my nsec'. |
|
We've had this conversation numerous times over the last few years, and the consensus seems to be that half-measures only make things worse, since the burden on clients of linking pubkey is pretty heavy, and a complete key rotation standard has to be invented anyway. The problem is no one has taken the time to spec a complete solution. The closest we've gotten is #829, but I really don't like the time delay stuff. With better attestations (#1737) we probably could do something based on web of trust without making it too complex. |
2 participants
Clients may show this info to users and optionally update follow lists by replacing the old pubkey with the new one.