[zootboy]

> THIS IS ALWAYS A BAD IDEA because once any account is compromised, ALL OTHER ACCOUNTS with locally stored keys ARE ALSO COMPROMISED.

This is not universally true. If you generate separate private keys for each server-client pair, compromising one private key will limit the damage to just the one server.

[ananonymoususer]

That is just not true. It may be the case if the key itself is compromised, but consider that you may have many different accounts scattered on different servers. Once one of them is compromised, the attacker now has access to every other account because they are all chained together.

[shawnz]

Can you describe the attack scenario you're imagining in a bit more detail? Because that doesn't sound possible to me.

[aaronAgain]

Yeah, the argument you are making about all keys being compromised doesn't make sense. You are leaving out a key assumption in your setup, and without it is not possible (for us) to accept the chained compromise you are describing.