Oddbean

Loose control of your keys on here however and you’ve lost control of your whole identity and follower base. I expect as popularity of this protocol rises, having a mechanism for invalidation and rotation of keys is going to become more important. I think much work needs to be done in the future to fix this issue.

Yeah. Or at least some sort of revocation process. - Loose Controll of your keys, there needs to be some sort of mechanism that only YOU can use to revoke and rotate them. Potentially a GPG key signature that signs the keys. Old but confusing for some people. We usually have our identities tied to email. Yet that also has potential problems. We have an identity problem that we need to solve. The question is, what makes you, you. Previous groups have tried to solve this by saying the collective histories of your online histories defines you, Keybase tried to solve this by people posting proofs to their channels. Tying all their social identities into one overall identity. It’s an interesting project, but it’s got a centralization problem too. We may need a similar idea, but built in a decentralized system. - If nothing else, the ability to add a backup key, or a GPG signature key for your account. That allows revocation of your identity if the keys are compromised or need rotation. Then clients can check if an account has revoked previous keys and show a history. And compromised accounts can be filtered from view, or if a new key is added and signed by GPG, rotated to the new identity.