{"type":"rich","version":"1.0","title":"xdamman wrote","author_name":"xdamman (npub1xs…562dr)","author_url":"https://yabu.me/npub1xsp9fcq340dzaqjctjl7unu3k0c82jdxc350uqym70k8vedzuvdst562dr","provider_name":"njump","provider_url":"https://yabu.me","html":"Thanks for your post. We need more voices to get us out of this idea that people should be able to manage a private key and keep it safe. That’s a non starter.\n\nNpubs are like IP addresses. Computer readable addresses that can change over time. Your identity is like a domain name. Human readable that can point to various IP addresses.\n\nThis web of trust sounds complicated to me to implement.\nI’d love to suggest a simpler approach: consider a Npub like an active session. That way, private keys (nsec) never leave the device / app that created it (reduces the risk of leaks). \n\nThen add those sessions to your profile. As long as you still control one device, you can rotate the npubs. \n\nThe only change required on the protocol would be to index profile events (kind 0) on each of those npubs instead of just on the author npub (and allow to query them based on any of them).\n\nIt’s not a full proof solution but it feels already like a big improvement. This would effectively decouple identity and npub. The biggest risk would be one of your devices being compromised. But chances are you could rotate that lost key with another device.\n\nWdyt?"}