Clem on Nostr: Yeah. Or at least some sort of revocation process. - Loose Controll of your keys, ...
Yeah.
Or at least some sort of revocation process.
- Loose Controll of your keys, there needs to be some sort of mechanism that only YOU can use to revoke and rotate them.
Potentially a GPG key signature that signs the keys. Old but confusing for some people.
We usually have our identities tied to email. Yet that also has potential problems.
We have an identity problem that we need to solve. The question is, what makes you, you.
Previous groups have tried to solve this by saying the collective histories of your online histories defines you, Keybase tried to solve this by people posting proofs to their channels. Tying all their social identities into one overall identity. It’s an interesting project, but it’s got a centralization problem too. We may need a similar idea, but built in a decentralized system.
- If nothing else, the ability to add a backup key, or a GPG signature key for your account. That allows revocation of your identity if the keys are compromised or need rotation.
Then clients can check if an account has revoked previous keys and show a history. And compromised accounts can be filtered from view, or if a new key is added and signed by GPG, rotated to the new identity.
Or at least some sort of revocation process.
- Loose Controll of your keys, there needs to be some sort of mechanism that only YOU can use to revoke and rotate them.
Potentially a GPG key signature that signs the keys. Old but confusing for some people.
We usually have our identities tied to email. Yet that also has potential problems.
We have an identity problem that we need to solve. The question is, what makes you, you.
Previous groups have tried to solve this by saying the collective histories of your online histories defines you, Keybase tried to solve this by people posting proofs to their channels. Tying all their social identities into one overall identity. It’s an interesting project, but it’s got a centralization problem too. We may need a similar idea, but built in a decentralized system.
- If nothing else, the ability to add a backup key, or a GPG signature key for your account. That allows revocation of your identity if the keys are compromised or need rotation.
Then clients can check if an account has revoked previous keys and show a history. And compromised accounts can be filtered from view, or if a new key is added and signed by GPG, rotated to the new identity.