Rename to migration key

Author: Jon Staab

D8.md

@@ -8,41 +8,41 @@ Nostr Key Rotation
 
 By default nostr public keys solely represent a user's identity, which makes it impossible to recover from key loss or compromise.
 
-This NIP defines a simple mechanism for key rotation by means a ratchet mechanism involving the use of a single-purpose key which can be stored more securely than a user's main key.
+This NIP defines a simple mechanism for key rotation by means a migration mechanism involving the use of a single-purpose key which can be stored more securely than a user's main key.
 
 Some terms:
 
 - An `identity` key is a user's initial nostr public key and serves as the user's persistent identifier.
 - An `authorized` key is a nostr public key that can sign on behalf of a user's `identity` key. A user's `identity` key is itself an `authorized` key until it is invalidated.
-- A `ratchet` key is a nostr public key authorized in advance as the only way to generate or invalidate `authorized` keys.
+- A `migration` key is a nostr public key authorized in advance as the only way to generate or invalidate `authorized` keys.
 
 A tree of these keys is created using three new event kinds, defined below. The current state of this tree MUST be validated as described in the [validation](#Validation) section below.
 
-## Creating a Ratchet Key
+## Creating a Migration Key
 
 Any `authorized` key can be used to sign a `kind 260` event with the following tags:
 
-- A `p` tag containing the new `ratchet` pubkey and a relay hint
-- A `proof` tag containing a schnorr signature of the `authorized` pubkey using the new `ratchet` key
+- A `p` tag containing the new `migration` pubkey and a relay hint
+- A `proof` tag containing a schnorr signature of the `authorized` pubkey using the new `migration` key
 
-Only the first `ratchet` key published by a given `authorized` key is valid. If multiple conflicting `kind 260` events exist, the first one published MUST be used. Ratchet keys cannot be invalidated except by invalidating the corresponding `authorized` key.
+Only the first `migration` key published by a given `authorized` key is valid. If multiple conflicting `kind 260` events exist, the first one published MUST be used. Migration keys cannot be invalidated except by invalidating the corresponding `authorized` key.
 
-Ratchet keys MUST NOT be used for anything other than creating and invalidating `authorized` keys
+Migration keys MUST NOT be used for anything other than signing a single `kind 261` event.
 
 ## Migrating to a new Authorized Key
 
 A `kind 261` migration event MUST have the following tags:
 
 - A `p` tag containing a new `authorized` pubkey and a relay hint
-- A `proof` tag containing a schnorr signature of the `ratchet` pubkey using the new `authorized` key
+- A `proof` tag containing a schnorr signature of the `migration` pubkey using the new `authorized` key
 
 It MAY also include:
 
 - An `as_of` tag containing a seconds-resolution timestamp for retroactive key invalidation
 
-Only a `ratchet` key can sign a `kind 261` migration event. Only the first `kind 261` event published by a given `ratchet` key is valid. If multiple conflicting events exist, the first one published MUST be used.
+Only a `migration` key can sign a `kind 261` migration event. Only the first `kind 261` event published by a given `migration` key is valid. If multiple conflicting events exist, the first one published MUST be used.
 
-Migrating away from an `authorized` key also invalidates the `ratchet` key used. All events created by an `authorized` key or its corresponding `ratchet` key after migration MUST be ignored.
+Migrating away from an `authorized` key also invalidates the `migration` key used. All events created by an `authorized` key or its corresponding `migration` key after migration MUST be ignored.
 
 This event MAY include a message in the `content` field. Clients SHOULD fetch this event and notify its users that a migration has taken place.
 
@@ -57,8 +57,8 @@ Because event timestamps can be forged, a sequencer is required in order to esta
 Key state transitions MUST be validated according to the following process:
 
 1. Select a `target` pubkey to validate.
-2. Fetch `kind 260` events signed by the `target` key in order to identify the `target`'s `ratchet` key.
-3. Fetch `kind 261` events signed by the `target`'s `ratchet` key. If any exist, events created by the `target` after its `as_of` (or `created_at`) field are invalid and should be ignored.
+2. Fetch `kind 260` events signed by the `target` key in order to identify the `target`'s `migration` key.
+3. Fetch `kind 261` events signed by the `target`'s `migration` key. If any exist, events created by the `target` after its `as_of` (or `created_at`) field are invalid and should be ignored.
 4. Fetch all `kind 260` events `p`-tagging the `target`. If no valid ones exist, the `target` key is an `identity` key and is `authorized` on its own behalf.
 5. Repeat steps 1-4 for the author of the `kind 260` event which `p`-tags the `target` key until an `identity` key is reached, or a link fails to be established.
 
@@ -68,15 +68,15 @@ When checking the validity of an event published by an `authorized` key, it's im
 
 ## Threat Model
 
-This NIP relies on the assumption that `ratchet` keys can be stored more securely than `authorized` keys.
+This NIP relies on the assumption that `migration` keys can be stored more securely than `authorized` keys.
 
 Current nostr users have already exposed their keys in many places. This NIP allows those users to upgrade their account's security today without immediately migrating to the new key.
 
-A general-purpose `authorized` key has to be stored on an internet-connected device in order to support frequent usage, while a single-purpose `ratchet` key can be stored offline and still remain useful.
+A general-purpose `authorized` key has to be stored on an internet-connected device in order to support frequent usage, while a single-purpose `migration` key can be stored offline and still remain useful.
 
-Even if an attacker gains control of a user's `identity` key, they can't do any permanent damage if the user has already generated and secured a `ratchet` key.
+Even if an attacker gains control of a user's `identity` key, they can't do any permanent damage if the user has already generated and secured a `migration` key.
 
-However, if the user has **not** generated a `ratchet` key for their account, or their `ratchet` key has been compromised, an attacker can *lock the owner out of their account*, escalating key compromise to permanent account loss. They is the key trade-off of this NIP and exists for all users, regardless of whether they adopt it. For this reason, it is recommended that users generate a `ratchet` key early and store it securely. Additionally, if a `ratchet` key is generated and then lost, the user loses the ability to rotate their key.
+However, if the user has **not** generated a `migration` key for their account, or their `migration` key has been compromised, an attacker can *lock the owner out of their account*, escalating key compromise to permanent account loss. They is the key trade-off of this NIP and exists for all users, regardless of whether they adopt it. For this reason, it is recommended that users generate a `migration` key early and store it securely. Additionally, if a `migration` key is generated and then lost, the user loses the ability to rotate their key.
 
 ## Usage Recommendations
 
@@ -109,7 +109,7 @@ Clients SHOULD implement key validation. Relays MAY implement key validation and
 In this example, Alice creates three different keys:
 
 - Key `A` is her `identity` key, since it's the first key she creates and where she begins her attestation chain. It is also by default an `authorized` key.
-- Key `A'` is her `ratchet` key, which is used in turn to create a new `authorized` key `B`.
+- Key `A'` is her `migration` key, which is used in turn to create a new `authorized` key `B`.
 - Key `A` is later compromised and subsequently invalidated by `A'`
 
 Throughout, Bob and Carol interact with Alice's account. Bob uses a client that lacks support for key rotation, while Carol uses a client that has it.
@@ -134,7 +134,7 @@ At this point, nothing special needs to happen. Alice continues signing events w
 
 The attacker also attempts to publish a new `kind 260` event, `A.2` in an attempt to hijack Alice's key state and point people to key `X`. However, both Alice and Carol properly reject it based on OTS attestations, while Bob ignores it entirely.
 
-At this point, Alice needs to switch to a new key, so she publishes a `kind 261` event signed by her `ratchet` key `A'` designating a new key `B` to switch to:
+At this point, Alice needs to switch to a new key, so she publishes a `kind 261` event signed by her `migration` key `A'` designating a new key `B` to switch to:
 
 ```json
 {
@@ -165,19 +165,19 @@ Carol is also following Alice, but her client automatically picks up events `A.1
 
 This returns both of Alice's `kind 1` events: `A.3` (via the `authors` filter), and `B.1` (because of the `#=` filter), while successfully ignoring events created by the attacker after key invalidation took place.
 
-Finally, Alice publishes event `B.2`, which is a `kind 260` event designating key `B'` as her new `ratchet` key.
+Finally, Alice publishes event `B.2`, which is a `kind 260` event designating key `B'` as her new `migration` key.
 
 At the end of the day, this is the state of Alice's keys:
 
 - `A` remains her `identity` key, but is no longer `authorized` as of `A'.1.as_of`.
-- `A'` (her first `ratchet` key) is invalid as of `A'.1.as_of`.
+- `A'` (her first `migration` key) is invalid as of `A'.1.as_of`.
 - `B` is `authorized` to publish events on behalf of her `identity` key `A`.
-- `B'` is a valid `ratchet` key, able to invalidate `B` and create new `authorized` keys.
-- `X` is not and never was a valid `ratchet` key, because `A'` was created first. Any attempts by the attacker to create new `authorized` keys will be ignored.
+- `B'` is a valid `migration` key, able to invalidate `B` and create new `authorized` keys.
+- `X` is not and never was a valid `migration` key, because `A'` was created first. Any attempts by the attacker to create new `authorized` keys will be ignored.
 
 ## Appendix: Ownership Proofs
 
-Kinds `260` and `261` require that users prove they own a given pubkey before designating it either as a `ratchet` key or an `authorized` key.
+Kinds `260` and `261` require that users prove they own a given pubkey before designating it either as a `migration` key or an `authorized` key.
 
 This proof is deliberately designed **not to use common event signing APIs** in order to ensure that the user has direct access to their private key. This helps prevent a malicious signer or client from signing key rotation events via bunker URL or browser extension.
 

README.md

@@ -145,9 +145,8 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos
 | `44`          | Channel Mute User               | [28](28.md)                            |
 | `62`          | Request to Vanish               | [62](62.md)                            |
 | `64`          | Chess (PGN)                     | [64](64.md)                            |
-| `260`         | Create Ratchet Key              | [D8](D8.md)                            |
-| `261`         | Create Authorized Key           | [D8](D8.md)                            |
-| `260`         | Invalidate Authorized Key       | [D8](D8.md)                            |
+| `260`         | Create Migration Key            | [D8](D8.md)                            |
+| `261`         | Migrate Key                     | [D8](D8.md)                            |
 | `443`         | KeyPackage                      | [EE](EE.md)                            |
 | `444`         | Welcome Message                 | [EE](EE.md)                            |
 | `445`         | Group Event                     | [EE](EE.md)                            |