dvdc on Nostr: What are your thoughts on a chain of trust structure for nsecs? A user would have a ...

What are your thoughts on a chain of trust structure for nsecs? A user would have a root nsec stored on a hardware device. When a Nostr app wants to authenticate a user, it can request a signed event from the root nsec to attest for the newly generated client-specific nsec. The root nsec stays secure and can revoke the client nsec later, and the client doesn't need to deal with any remote signing.