[nazcan]

I find it interesting how this all comes down to what do you trust. Like.. why not <1 minute keys? Or 1-request?

[MartinodF]

We do a lot of request signing (think AWS sigv4a) which practically speaking amounts to 1-request.

[ignoramous]

> why not ... 1-request

You kid, but: https://en.wikipedia.org/wiki/Hash-based_cryptography

also: https://www.imperialviolet.org/2013/07/18/hashsig.html (2013).