It refers to the fact that if you don't publish key rotation to a provably public registry (Nostr is not provably public; Bitcoin or Rootstock are, because proof of work forces you to send data to other miners) then key A can be rotated in private to B' and timestamped first with OTS, then rotated to B, and that is timestamped second. Then I sell you my identity (or an organisation has a leadership change) so you rotate B to C.
A, B, and C are published on Damus, but B' is only published on a relay no one saw or not published at all. Then once I publish B', people can see that B' was timestamped first, and can't tell it wasn't public, so they have to conclude that the rotation from A to B is invalid because A has already rotated to B', which obviously means the rotation from B to C is invalid.
Key delegation is safe to do offchain, although I think using Nostr is bad and a proper gossip network is better, but fine. But key rotation can't be done safely unless you either:
1. Publish full events and signatures on Bitcoin or Rootstock or another blockchain that guarantees that people could have watched and downloaded its data; no need for an archive, just temporary availability is fine.
2. Use centralized registries or a federation co-signing rotation events, and these are the proof of authority providing the data availability guarantees, but of course that already exists: DID:PLC, which Bluesky created.
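
The A, B, B', C scenario above, worked through as an added example that is not part of the original post: a verifier that orders competing rotations by timestamp alone changes its answer once the withheld B' appears, while an append-only public log, standing in for option 1, rejects the late entry. The `Rotation` and `PublicLog` names, the timestamp values and the first-published-wins rule are assumptions made for illustration.

```python
from typing import NamedTuple

class Rotation(NamedTuple):
    old: str  # key being retired (it signs the rotation)
    new: str  # successor key
    ts: int   # constructed OTS-style time: proves existence, not publication

def resolve_by_timestamp(root, seen):
    """Follow rotations from root; among rivals for one key, the earliest timestamp wins."""
    current, visited = root, set()
    while current not in visited:  # visited set guards against rotation cycles
        visited.add(current)
        rivals = [r for r in seen if r.old == current]
        if not rivals:
            break
        current = min(rivals, key=lambda r: r.ts).new
    return current

class PublicLog:
    """Append-only registry: order is the position in a log everyone could observe."""
    def __init__(self):
        self.successor = {}

    def append(self, rot):
        # The first published rotation of a key wins; a later rival is rejected,
        # whatever timestamp it carries.
        if rot.old in self.successor:
            return False
        self.successor[rot.old] = rot.new
        return True

    def resolve(self, root):
        current, visited = root, set()
        while current in self.successor and current not in visited:
            visited.add(current)
            current = self.successor[current]
        return current

# Constructed events matching the post's scenario.
A_TO_B_PRIME = Rotation("A", "B'", ts=100)  # timestamped first, withheld
A_TO_B = Rotation("A", "B", ts=200)         # published
B_TO_C = Rotation("B", "C", ts=300)         # published after the identity changes hands

def demo():
    public = [A_TO_B, B_TO_C]
    before = resolve_by_timestamp("A", public)                  # what everyone sees
    after = resolve_by_timestamp("A", public + [A_TO_B_PRIME])  # B' revealed later
    log = PublicLog()
    accepted = [log.append(r) for r in (A_TO_B, B_TO_C, A_TO_B_PRIME)]
    return before, after, accepted, log.resolve("A")
```

`demo()` returns `("C", "B'", [True, True, False], "C")`: the timestamp-only verifier flips from C to B' when the withheld event appears, and the log keeps C.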
