↳
In-reply-to
»
@prologic Some criticisms and a possible alternative direction:
⤋ Read More
Key rotation
Key rotation is useful for security reasons, but I don’t think it’s necessary here because it’s only used for verifying one’s identity. It’s no different (to me) than Nostr or a cryptocurrency. You change your key, you change your identity.
It makes maintaining a feed more complicated.
This is an additional step that you’d have to perform, but I definitely wouldn’t want to require it for compatibility reasons. I don’t see it as any more complicated than computing twt hashes for each post, which already requires you to have a non-trivial client application.
Instead, maybe…allow old urls to be rotated out?
That could absolutely work and might be a better solution than signatures.
HTTPS is supposed to do