Should one be able to publish a portable object that is repudiable? IIUC, FEP-ef61 portable objects (identified by ‘ap’ URIs) require FEP-8b32 integrity proofs, so they are non-repudiable. On the other hand, FEP-c390 identity proofs establish links between DIDs and HTTP(S) actors, but they don’t make objects portable. So that seems to be not possible with current proposals.
I’m curious because there are cases where one doesn’t want non-repudiation. For example, you don’t want your private message to be disclosed by the recipient in a publicly verifiable way. But that does not necessarily mean that you don’t want the object to be portable.
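To make the non-repudiation concern concrete, here is an added example (not from this thread or from any FEP) contrasting the two authentication styles the question hinges on: a detached Ed25519 signature, which any third party holding the author's public key can verify, versus an HMAC tag under a secret shared with the recipient, which the recipient could have produced just as well. The message text, key material and function names are all constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample object; any bytes would do.
const note = `{"type":"Note","content":"meet at 10?"}`

// SignedObject is a body plus a detached signature over it.
type SignedObject struct {
	Body      []byte
	Signature []byte
}

// SignObject produces a publicly verifiable proof: whoever holds the
// author's public key can check it, so the author cannot later deny it.
func SignObject(priv ed25519.PrivateKey, body []byte) SignedObject {
	return SignedObject{Body: body, Signature: ed25519.Sign(priv, body)}
}

// VerifyAsThirdParty needs nothing secret, only the author's public key.
func VerifyAsThirdParty(pub ed25519.PublicKey, obj SignedObject) bool {
	return ed25519.Verify(pub, obj.Body, obj.Signature)
}

// MacObject authenticates with a secret known to both sender and recipient.
// Since the recipient holds the same secret, a tag proves nothing to outsiders.
func MacObject(shared, body []byte) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write(body)
	return m.Sum(nil)
}

// VerifyMac is the recipient-side check; it uses a constant-time compare.
func VerifyMac(shared, body, tag []byte) bool {
	return hmac.Equal(MacObject(shared, body), tag)
}

// Demo runs the comparison with fresh keys and returns
// (thirdPartyVerifiesSignature, tamperedBodyRejected, recipientReproducesTag).
func Demo() (bool, bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	body := []byte(note)

	obj := SignObject(priv, body)
	thirdParty := VerifyAsThirdParty(pub, obj)

	// Flip one bit: the signature must no longer verify.
	tampered := append([]byte{}, body...)
	tampered[0] ^= 1
	tamperedRejected := !VerifyAsThirdParty(pub, SignedObject{Body: tampered, Signature: obj.Signature})

	// Shared secret between sender and recipient (constructed at random here).
	shared := make([]byte, 32)
	if _, err := rand.Read(shared); err != nil {
		return false, false, false, err
	}
	senderTag := MacObject(shared, body)
	// The recipient, holding the same secret, computes an identical tag,
	// which is exactly why the sender can repudiate it.
	recipientReproduces := VerifyMac(shared, body, senderTag)

	return thirdParty, tamperedRejected, recipientReproduces, nil
}

func main() {
	a, b, c, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("third party verifies signature: %v\n", a)
	fmt.Printf("tampered body rejected: %v\n", b)
	fmt.Printf("recipient reproduces MAC tag: %v\n", c)
}
```

The point the code makes is the one in the question: an integrity proof of the signature kind is a publicly checkable statement by the author, so attaching one to an object makes that object non-repudiable to anyone who can obtain it, including a recipient who republishes a private message.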
this could work but only if the rotation was a “blind rotation”, i.e. without a verifiable log of the old key being associated with the identity. if there is a log of the key rotation, then no.
more pressingly, if the key is your identity, then it cannot be rotated without also fundamentally changing your identity. so key rotation with repudiation requires a non-key identity – in other words, a name (and authoritative name server) or description (and a way of asserting trusted claims that match the description).
from what i understood of the paper, it seems this is just delegating signatures to some authority who can sign things on your behalf. you can then claim the authority forged signatures on your behalf. it’s basically like how fedi uses custodial keys in most cases.
The core idea is replacing HTTP(S) URIs with server-independent identifiers: ap:// URIs that use a Decentralized Identifier (DID) as the authority component, rather than a domain name. An object identified as ap://did:key:z6Mk…/actor can live on multiple servers simultaneously and survives any single server disappearing.
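As an added illustration (not code from this thread or from any FEP) of what "a DID as the authority component" means operationally, the parser below splits an identifier of the shape shown above, `ap://did:method:id/path`, into its DID and path, rejects anything whose authority is a domain name rather than a DID, and includes the one check a receiving server would make on a portable object: that the identifier's authority matches the DID that controls it. The sample identifiers and the exact grammar are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PortableID is the parsed form of an ap:// identifier as sketched in the post:
// scheme "ap", a DID in the authority position, then an optional path.
type PortableID struct {
	DID    string // full DID, e.g. did:key:z6Mk...
	Method string // DID method, e.g. "key"
	Path   string // e.g. "/actor"; empty if absent
}

// ParseAP parses an ap:// identifier. It does not contact any server: the
// identifier is meaningful on its own, which is the whole point of the scheme.
func ParseAP(raw string) (PortableID, error) {
	const scheme = "ap://"
	if !strings.HasPrefix(raw, scheme) {
		return PortableID{}, errors.New("not an ap:// identifier")
	}
	rest := raw[len(scheme):]
	authority, path := rest, ""
	if i := strings.IndexByte(rest, '/'); i >= 0 {
		authority, path = rest[:i], rest[i:]
	}
	// A DID is "did:<method>:<method-specific-id>"; a bare domain name fails here.
	parts := strings.SplitN(authority, ":", 3)
	if len(parts) != 3 || parts[0] != "did" || parts[1] == "" || parts[2] == "" {
		return PortableID{}, fmt.Errorf("authority %q is not a DID", authority)
	}
	return PortableID{DID: authority, Method: parts[1], Path: path}, nil
}

// ControlledBy reports whether a portable object's identifier is rooted in the
// given DID. A server accepting a copy of the object from any source would
// pair this with verification of the object's integrity proof under that DID's key.
func ControlledBy(id PortableID, signerDID string) bool {
	return id.DID == signerDID
}

func main() {
	// Constructed sample identifiers; the DID value is a placeholder.
	for _, raw := range []string{
		"ap://did:key:z6MkExampleConstructed/actor",
		"ap://did:key:z6MkExampleConstructed",
		"ap://example.com/users/alice",
		"https://example.com/users/alice",
	} {
		id, err := ParseAP(raw)
		if err != nil {
			fmt.Printf("%-45s -> rejected: %v\n", raw, err)
			continue
		}
		fmt.Printf("%-45s -> method=%s did=%s path=%q\n", raw, id.Method, id.DID, id.Path)
	}
}
```

Because nothing in the identifier names a host, two servers holding the same object produce the same `PortableID`, and a consumer decides which copy to trust by the integrity proof rather than by where it was fetched from.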