[alexeldeib]

I was reading about algorand rekeying today, as well as DIDs and atproto/bluesky.

Both seem to use a “signed rotation” approach. Algorand keeps your public key stable while adding metadata that your spend key has changed and links the two. Atproto similarly uses the recovery key to sign a rotation op which can regenerate your signing key, additionally readjusting the tree to preattack state (by setting prev of the rotation to the last precompromise state).

This seems like an improvement of some kind, but still leaves gaps for lost keys. Keybase style approach, or multisig social recovery may also help.

[encryptluks2]

Until Algorand can remove the CGO requirements and libc JS dependencies then I hope it won't ever be considered for something like this. Let's not also forget about their terrible management.

[alexeldeib]

I wasn’t suggesting either of the technologies wholesale. The “signed rotation” commonality seemed interesting, with subtle differences. I’m curious to see where DIDs go, I’ve seen those crop up a few places.

UCAN also seems interesting, JWT with extra steps and attenuation. But orthogonal to this issue for the most part.