Was thinking about this, but I'd prefer the key app to not have any networking capabilities. It could still do remote signing, if the local relay gets the nsecbunker events.