Yeah.
Or at least some sort of revocation process.
- Loose Controll of your keys, there needs to be some sort of mechanism that only YOU can use to revoke and rotate them.
Potentially a GPG key signature that signs the keys. Old but confusing for some people.
We usually have our identities tied to email. Yet that also has potential problems.
We have an identity problem that we need to solve. The question is, what makes you, you.
Previous groups have tried to solve this by saying the collective histories of your online histories defines you, Keybase tried to solve this by people posting proofs to their channels. Tying all their social identities into one overall identity. It’s an interesting project, but it’s got a centralization problem too. We may need a similar idea, but built in a decentralized system.
- If nothing else, the ability to add a backup key, or a GPG signature key for your account. That allows revocation of your identity if the keys are compromised or need rotation.
Then clients can check if an account has revoked previous keys and show a history. And compromised accounts can be filtered from view, or if a new key is added and signed by GPG, rotated to the new identity.
Clem Morton /
npub1gc…yxhyx
2024-08-26 18:50:10
in reply to nevent1q…w06j
Author Public Key
npub1gca5whd7xs05rpt9yspg42wrxhw2luxdd6fp62skmkuzl7t9au0syyxhyxPublished at
2024-08-26 18:50:10Event JSON
{
"id": "924bef839bb6dcde6d5ce3c363244a922515e5fb91fd195db0664931842c618e",
"pubkey": "463b475dbe341f41856524028aa9c335dcaff0cd6e921d2a16ddb82ff965ef1f",
"created_at": 1724698210,
"kind": 1,
"tags": [
[
"e",
"f2ec8209930cf8770b530495ef4b3d4b909fb31f85acaac8703b08884967ac3d",
"",
"root"
],
[
"e",
"adb19a4b0a64a03647280ec35c466c88faf8f51a45a5cdadffe064b7bc668b7c",
"",
"reply"
],
[
"p",
"ee527d6cadba47bdf48142c530ce02ab25275db285699e805f2865883d5705e0"
],
[
"client",
"Nostur",
"31990:9be0be0fc079548233231614e4e1efc9f28b0db398011efeecf05fe570e5dd33:1685868693432"
]
],
"content": "Yeah. \nOr at least some sort of revocation process.\n\n- Loose Controll of your keys, there needs to be some sort of mechanism that only YOU can use to revoke and rotate them.\n\nPotentially a GPG key signature that signs the keys. Old but confusing for some people.\n\nWe usually have our identities tied to email. Yet that also has potential problems.\n\nWe have an identity problem that we need to solve. The question is, what makes you, you.\n\nPrevious groups have tried to solve this by saying the collective histories of your online histories defines you, Keybase tried to solve this by people posting proofs to their channels. Tying all their social identities into one overall identity. It’s an interesting project, but it’s got a centralization problem too. We may need a similar idea, but built in a decentralized system.\n\n- If nothing else, the ability to add a backup key, or a GPG signature key for your account. That allows revocation of your identity if the keys are compromised or need rotation.\n\nThen clients can check if an account has revoked previous keys and show a history. And compromised accounts can be filtered from view, or if a new key is added and signed by GPG, rotated to the new identity.",
"sig": "09c2119eceaf01b02a96114bf12bb60229d65fa5437de31adf965cb153cfd553a583a827a0270d8548b4fdc13a04065cade71c873f0d0de173d26c2da70ec6e3"
}