My plan for the POC for Mlkut PKI is a registration app that...
npub1jvxvaufrwtwj79s90n79fuxmm9pntk94rd8zwderdvqv4dcclnvs9s7yqz
hex
0cca53e7b49de908233d77d363513ac069bf0eff4c2633ee1db40c531e9676a3nevent
nevent1qqsqejjnu76fm6ggyv7h05mr2yavq6dlpml5cf3nacwmgrznr6t8dgcprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsfxrxw7y3h9hf0zczhelz57rdajse4mz63kn38xu3kkqx2kuv0ekgcmaydqKind-1 (TextNote)
My plan for the POC for Mlkut PKI is a registration app that allows you to progressively gain more control of your identity;
- Level One; a server that already registered a batch of IDs points one of these IDs to the endpoints you want, and allow you to update them using a Passkey.
- Level Two; if you want to survive the server dying, you can download a recovery key.
- Level Three; if you don't want to trust the default server with custody of the keys any more, you can either; A) Pay a Rootstock transaction fee to change the recovery key to something that the server never had. B) Move to another server, and let that new server pay the transaction fee, possibly by batching multiple users migrating at once.
If you remain at Level 1, you are not too different from Mastodon.
If you remain at Level 2 you are not too different from Bluesky (trusting DID PLC and your server not to steal your identity).
If you go all the way to Level 3, you are just as sovereign as having Nostr Nsec + using bunkers + can fire the bunker if they try to steal your identity, but you need to pay for a transaction fee for that.
The main downside remains that if you trust a server to custody the keys, you really need to get notifications if the server tries to steal your identity, by watching the Rootstock chan.
In practice, most users will remain at Level One, but they have the option to upgrade their control if they care.
And of course the ID is short enough you can enter in a username field from memory, and use a Passkey to authenticate a device, but that is advance demo from just registration.
原始 JSON
{
"kind": 1,
"id": "0cca53e7b49de908233d77d363513ac069bf0eff4c2633ee1db40c531e9676a3",
"pubkey": "930ccef12372dd2f16057cfc54f0dbd94335d8b51b4e2737236b00cab718fcd9",
"created_at": 1777639980,
"tags": [],
"content": "My plan for the POC for Mlkut PKI is a registration app that allows you to progressively gain more control of your identity;\n1. Level One; a server that already registered a batch of IDs points one of these IDs to the endpoints you want, and allow you to update them using a Passkey.\n2. Level Two; if you want to survive the server dying, you can download a recovery key.\n3. Level Three; if you don't want to trust the default server with custody of the keys any more, you can either;\nA) Pay a Rootstock transaction fee to change the recovery key to something that the server never had.\nB) Move to another server, and let that new server pay the transaction fee, possibly by batching multiple users migrating at once.\n\nIf you remain at Level 1, you are not too different from Mastodon.\n\nIf you remain at Level 2 you are not too different from Bluesky (trusting DID PLC and your server not to steal your identity).\n\nIf you go all the way to Level 3, you are just as sovereign as having Nostr Nsec + using bunkers + can fire the bunker if they try to steal your identity, but you need to pay for a transaction fee for that.\n\nThe main downside remains that if you trust a server to custody the keys, you really need to get notifications if the server tries to steal your identity, by watching the Rootstock chan.\n\nIn practice, most users will remain at Level One, but they have the option to upgrade their control if they care.\n\nAnd of course the ID is short enough you can enter in a username field from memory, and use a Passkey to authenticate a device, but that is advance demo from just registration.",
"sig": "7b3e2737731f4d9f37d2e89b207e4a9634c4ae074a963a3f2626568c879dce54fd12f35f6de21e79da240ceda013e0ff949bba1cf462913f44595993af530bce"
}