I want to agree to locking in 1, multi-device feeds. However, I'm not clear if this is going to be implemented as sameAs -- which I'm concerned is a security risk, as someone could pretend to be my feed with this strategy.
I also raised a similar concern and suggested separating receiving private messages from merging feeds. That discussion was in the other thread.
I want to see multi-device feeds implemented as subkeys using libsodium -- similar to how Bitcoin issues subkeys for receive addresses. Is this @matt's approach? If this is his approach, then I can support 1. If not, I cannot.
Are you referring to Hierarchical Deterministic wallets? That won't be more secure than this proposal, because either you do hash("phone"+privateKey) to get a private key for the phone, but you can't prove to someone else that is the correct key without showing them your private key.

There is also a way to do something like curve_add(hash("phone"), privateKey) and also something that corresponds to curve_add(hash("phone"), publicKey). This sounds really good, but unfortunately it means if you gain the phone's private key you can reverse the addition to get the main private key. This means if any device you have gets compromised, they all get compromised.
For that reason, I think it's safer to have separate keys generated on each device, so that losing one device only compromises that one device.
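A worked illustration of the curve_add derivation argued about above, added here as an example and not code from the thread: pure-Python Ed25519 arithmetic confirms that the public-side derivation matches the private-side one, and that the phone's child key plus the public label hand the master key straight back. Reducing SHA-512 to a scalar for hash("phone") and treating keys as raw scalars (ignoring libsodium's clamped seeds) are assumptions made to keep the arithmetic visible.

```python
# Added example, not the thread's code: additive (curve_add) key derivation
# on Ed25519 and why a leaked child key exposes the master key.
import hashlib

P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # order of the base point
D = (-121665 * pow(121666, -1, P)) % P                 # curve constant d
G = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     46316835694926478169428394003475163141307993866256225615783033603165251855960)
IDENTITY = (0, 1)

def on_curve(pt):
    """Check -x^2 + y^2 == 1 + d*x^2*y^2 (mod P)."""
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def curve_add(p1, p2):
    """Twisted Edwards affine addition with a = -1 (complete, no special cases)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, P)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P)
    return (x3 % P, y3 % P)

def scalar_mult(k, point):
    """Double-and-add scalar multiplication; k is a non-negative integer."""
    result, addend = IDENTITY, point
    while k:
        if k & 1:
            result = curve_add(result, addend)
        addend = curve_add(addend, addend)
        k >>= 1
    return result

def tweak(label):
    """hash("phone") as a scalar; SHA-512 reduced mod L is an assumed choice."""
    return int.from_bytes(hashlib.sha512(label.encode()).digest(), "little") % L

def derive_child_private(master_priv, label):
    """Device key = hash(label) + masterPrivateKey (the curve_add scheme, scalar side)."""
    return (tweak(label) + master_priv) % L

def derive_child_public(master_pub, label):
    """Anyone can compute the device's public key from the master public key alone."""
    return curve_add(scalar_mult(tweak(label), G), master_pub)

def recover_master_private(child_priv, label):
    """The flaw: the phone's key and the public label reverse the addition."""
    return (child_priv - tweak(label)) % L
```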