diff options
| author | Pablo Fernandez <p@f7z.io> | 2023-10-20 10:21:35 +0300 |
|---|---|---|
| committer | Pablo Fernandez <p@f7z.io> | 2023-10-20 10:21:35 +0300 |
| commit | 68b27f6574051fbe6ffbfb652bf3abfbb10b73c7 (patch) | |
| tree | 4ee20d95aaa422a5bb2d52b0cba75e5bdaba44f5 /41.md | |
| parent | 30dd53b51baf96cd257802e26ea8dfb97d7b086c (diff) | |
increase time delay to 60-days
Diffstat (limited to '41.md')
| -rw-r--r-- | 41.md | 16 |
1 files changed, 7 insertions, 9 deletions
| @@ -1,6 +1,6 @@ | |||
| 1 | # NIP-41 | 1 | # NIP-41 |
| 2 | ## Key migration | 2 | ## Key migration |
| 3 | `draft` `optional` `author:pablof7z` | 3 | `draft` `optional` `author:pablof7z` `author:fiatjaf` |
| 4 | 4 | ||
| 5 | This NIP introduces a simple, best-effort, not guaranteed, way in which a user can notify their followers that they have migrated to a new public key in case the current one is compromised. | 5 | This NIP introduces a simple, best-effort, not guaranteed, way in which a user can notify their followers that they have migrated to a new public key in case the current one is compromised. |
| 6 | 6 | ||
| @@ -8,7 +8,7 @@ This NIP introduces a simple, best-effort, not guaranteed, way in which a user c | |||
| 8 | * `kind:1776` whitelists a pubkey. | 8 | * `kind:1776` whitelists a pubkey. |
| 9 | * `kind:1777` migrates to a previously whitelisted pubkey. | 9 | * `kind:1777` migrates to a previously whitelisted pubkey. |
| 10 | * `kind:1776` and `kind:1777` MUST be opentimestamped [NIP-03](https://github.com/nostr-protocol/nips/blob/master/03.md). | 10 | * `kind:1776` and `kind:1777` MUST be opentimestamped [NIP-03](https://github.com/nostr-protocol/nips/blob/master/03.md). |
| 11 | * When a migration event is published, a 30-day period starts in which a user can publish a competing migration event pointing to an earlier `kind:1776` event. After this period, clients SHOULD automatically update the user's follow list to the new pubkey. | 11 | * When a migration event is published, a 60-day period starts in which a user can publish a competing migration event pointing to an earlier `kind:1776` event. After this period, clients SHOULD automatically update the user's follow list to the new pubkey. |
| 12 | * Relays SHOULD NOT delete `kind:1040` nor `kind:1776` events from their database upon receiving a `kind:5` event. | 12 | * Relays SHOULD NOT delete `kind:1040` nor `kind:1776` events from their database upon receiving a `kind:5` event. |
| 13 | 13 | ||
| 14 | # Flow | 14 | # Flow |
| @@ -45,7 +45,7 @@ When the user needs to change keys they sign an event `kind:1777` with the new k | |||
| 45 | { | 45 | { |
| 46 | "pubkey": "pubkey-B", | 46 | "pubkey": "pubkey-B", |
| 47 | "kind": 1777, | 47 | "kind": 1777, |
| 48 | "content": "", | 48 | "content": "I rolled my key using libbitcoin; moving to a new one just in case", |
| 49 | "tags": [ | 49 | "tags": [ |
| 50 | [ "p", "pubkey-A" ], | 50 | [ "p", "pubkey-A" ], |
| 51 | [ "e", "<kind:1776-event-id>" ], | 51 | [ "e", "<kind:1776-event-id>" ], |
| @@ -63,30 +63,28 @@ When the user needs to change keys they sign an event `kind:1777` with the new k | |||
| 63 | * `.content` SHOULD be ignored; users can optionally write a message explaining the migration. | 63 | * `.content` SHOULD be ignored; users can optionally write a message explaining the migration. |
| 64 | 64 | ||
| 65 | ## Following the new pubkey | 65 | ## Following the new pubkey |
| 66 | |||
| 67 | Upon seeing this event, the client MAY choose to display a warning to the user that the identity is migrating to a new key. The client should not take any automated action at this point since the migration could be an attack, but the user could communicate out of band with the user to confirm the migration. | 66 | Upon seeing this event, the client MAY choose to display a warning to the user that the identity is migrating to a new key. The client should not take any automated action at this point since the migration could be an attack, but the user could communicate out of band with the user to confirm the migration. |
| 68 | 67 | ||
| 69 | After 30 days the client of seeing the `kind:1777` event, the client SHOULD automatically update the user's follow list to the new pubkey after some verifications: | 68 | After 60 days of seeing the `kind:1777` event, the client SHOULD automatically update the user's follow list to the new pubkey after some verifications: |
| 70 | When users who follow the old pubkey see a `kind:1777` event they SHOULD: | 69 | When users who follow the old pubkey see a `kind:1777` event they SHOULD: |
| 71 | 70 | ||
| 72 | * check `kind:1776` and `kind:1777` event signatures | 71 | * check `kind:1776` and `kind:1777` event signatures |
| 73 | * check `kind:1777`'s `pubkey` matches `kind:1776`'s `p` tag | 72 | * check `kind:1777`'s `pubkey` matches `kind:1776`'s `p` tag |
| 74 | * check `kind:1777` is more than 30 days old | 73 | * check `kind:1777` is more than 60 days old |
| 75 | * check that no competing 1777 event exists pointing to an event with an older valid OTS proof | 74 | * check that no competing 1777 event exists pointing to an event with an older valid OTS proof |
| 76 | 75 | ||
| 77 | After validating all these checks clients SHOULD replace the old pubkey in the user's follow list with the new one. | 76 | After validating all these checks clients SHOULD replace the old pubkey in the user's follow list with the new one. |
| 78 | 77 | ||
| 79 | ## Notes | 78 | ## Notes |
| 80 | 79 | ||
| 81 | ### Rational behind the 30 days delay | 80 | ### Rational behind the 60 days delay |
| 82 | This gives enough time for a user to notice a migration request published by an attacker and gives the user enough time to publish a competing migration request pointing to an earlier `kind:1776` whitelisting event. | 81 | This gives enough time for a user to notice a migration request published by an attacker and gives the user enough time to publish a competing migration request pointing to an earlier `kind:1776` whitelisting event. |
| 83 | 82 | ||
| 84 | ### Preventing unpublished evil `kind:1777` attack | 83 | ### Preventing unpublished evil `kind:1777` attack |
| 85 | Clients should keep track of when a `kind:1777` event should take into effect, counting at least 30 days from the time of seeing the event and not trusting the event timestamp. This is to prevent an attacker creating an evil `kind:1776`, its attestation, and a `kind:1777` event with its attestation and not publishing them until the 30 days of the attestation have elapsed. | 84 | Clients should keep track of when a `kind:1777` event should take into effect, counting at least 60 days from the time of seeing the event and not trusting the event timestamp. This is to prevent an attacker creating an evil `kind:1776`, its attestation, and a `kind:1777` event with its attestation and not publishing them until the 60 days of the attestation have elapsed. |
| 86 | 85 | ||
| 87 | #### Preventing poorly-distributed evil `kind:1777` attack | 86 | #### Preventing poorly-distributed evil `kind:1777` attack |
| 88 | Additionally, clients SHOULD broadcast the `kind:1777` events to the relays it normally writes to. This is to prevent an attacker from creating a short-lived NIP-65 relay list where only a subset of users will see an evil `kind:1777` event but not widespread enough for the real owner to notice it. | 87 | Additionally, clients SHOULD broadcast the `kind:1777` events to the relays it normally writes to. This is to prevent an attacker from creating a short-lived NIP-65 relay list where only a subset of users will see an evil `kind:1777` event but not widespread enough for the real owner to notice it. |
| 89 | 88 | ||
| 90 | ### Future Work | 89 | ### Future Work |
| 91 | |||
| 92 | Key migration can be done in multiple ways. This is an initial implementation that can work. This mechanism should be extended with other, alternative mechanisms, that can leverage different flows/tradeoffs (e.g. social recovery). \ No newline at end of file | 90 | Key migration can be done in multiple ways. This is an initial implementation that can work. This mechanism should be extended with other, alternative mechanisms, that can leverage different flows/tradeoffs (e.g. social recovery). \ No newline at end of file |