If you fetch the key every time you need it you won’t be able validate deletes to an actor, plus the cost of fetching the actor for every message. If you use the cached version you risk accepting messages signed with an old key, and rejecting messages signed with a new key.
Do we need something like: attempt to validation with cached key, and check for a newer version if that fails. Periodically check for updated keys and/or check for an updated key if the cached version is too old?
I did not found documentation of this topic but from what I remember from some implementations (mastodon, nextcloud social) they adopted the “refresh on fail” strategy.
Periodically refreshing the user profiles might also be useful to keep other Actors’s metadata up to date too.
While keys don’t change often, it’s kind of concerning that an old compromised key will continue to be accepted forever. At least with retry on fail any server that receives a message with the new key should discard the old.
I mean that old keys can continue to live on instances that aren’t receiving messages with the new key. In practice any instances with followers should get new key quickly, so it’s probably not a real worry. Ideally we’d attach an expiry date to keys and expect instances to re-fetch expired keys.