Blind key rotation does allow for some privacy features, sure, but key rotation is a normal thing. Consider the fact that the most common encryption systems on the web (TLS certificates, GPG, etc.) make expiration, rotation, and revocation central to how they work. I think it can and will be a normal thing to rotate keys periodically without having to trash all old content because the signatures are no longer verifiable.
Keys are treated as different from all other objects, which seems really weird. Each object has a unique ID, so why not give keys unique IDs?
- Actor foo with key #mainkey creates note-1234
- Actor foo rotates key #mainkey
- Downstream server receives note-1234, attempts to verify it but cannot
Also, the spec is a little vague about key fetching. If I recall correctly, it says that key ids should be an endpoint that returns the key with an HTTP GET request, but it doesn’t say if the response should be the key body or the ld+json structure that contains the key data.
Practically, if the expected behavior is that instances, particularly large ones, are expected to trash instance and user data, that’s going to damage the ecosystem and hurt adoption. Not being able to rotate (expire, revoke, notify, etc.) makes it more difficult for users to own their data, for instance operators to deal with security problems, and for everyone to deal with bad actors on the federation network.
It is also worth noting that blind rotation and having unique key identifiers aren’t in opposition to each other. As an instance operator, I can still rotate a user’s key and not notify anyone, but still have a unique identifier for the newly created key.
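The scenario in the post (actor foo signs note-1234, rotates, downstream can no longer verify) and the proposed fix (every key object gets its own unique ID and old public keys stay resolvable) can be shown side by side. The Go below is an added example written for this discussion, not code from any ActivityPub implementation or from the post's author. It uses Ed25519 from the Go standard library in place of the RSA keys and HTTP Signature headers real servers use, signs only the object ID plus body rather than request headers, and the key URLs, field names and the `Retired`/`Revoked` flags are constructed for the example; nothing here is defined by the spec.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyRecord is one published key with its own stable identifier.
// Field names are this example's own; the spec does not define them.
type KeyRecord struct {
	ID      string // constructed, e.g. "https://example.test/users/foo#key-1"
	Public  ed25519.PublicKey
	Retired bool // rotated out: signs nothing new, old signatures still verify
	Revoked bool // compromised: nothing signed with it is trusted
}

// Actor keeps its current signing key and every key it ever published,
// so a downstream server can still resolve any key ID it has seen.
type Actor struct {
	BaseURL string
	keys    map[string]*KeyRecord
	current string
	private ed25519.PrivateKey
	serial  int
}

// SignedNote stands in for a delivered object plus the key ID and
// signature a receiving server would take from the signature header.
type SignedNote struct {
	ObjectID  string
	Body      []byte
	KeyID     string
	Signature []byte
}

// NewActor creates an actor with its first key (#key-1).
func NewActor(baseURL string) (*Actor, error) {
	a := &Actor{BaseURL: baseURL, keys: map[string]*KeyRecord{}}
	if err := a.Rotate(); err != nil {
		return nil, err
	}
	return a, nil
}

// Rotate mints a new key pair under a fresh unique ID and retires the old
// one, keeping its public key so earlier signatures remain verifiable.
func (a *Actor) Rotate() error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	if old, ok := a.keys[a.current]; ok {
		old.Retired = true
	}
	a.serial++
	id := fmt.Sprintf("%s#key-%d", a.BaseURL, a.serial)
	a.keys[id] = &KeyRecord{ID: id, Public: pub}
	a.current, a.private = id, priv
	return nil
}

// BlindRotate models the behaviour the post objects to: the key material
// changes but the identifier does not, so earlier notes stop verifying.
func (a *Actor) BlindRotate() error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	a.keys[a.current].Public = pub
	a.private = priv
	return nil
}

// Revoke marks a key as compromised; Verify then rejects anything signed with it.
func (a *Actor) Revoke(keyID string) error {
	k, ok := a.keys[keyID]
	if !ok {
		return errors.New("unknown key id: " + keyID)
	}
	k.Revoked = true
	return nil
}

// Sign signs objectID plus body with the current key and records which key ID
// was used (a simplification of signing HTTP headers, enough for the point).
func (a *Actor) Sign(objectID string, body []byte) SignedNote {
	msg := append([]byte(objectID+"\n"), body...)
	return SignedNote{ObjectID: objectID, Body: body, KeyID: a.current,
		Signature: ed25519.Sign(a.private, msg)}
}

// LookupKey models the GET a downstream server does on a key ID.
func (a *Actor) LookupKey(keyID string) (*KeyRecord, bool) {
	k, ok := a.keys[keyID]
	return k, ok
}

// Verify is the receiving server's check: resolve the key ID, refuse revoked
// keys, then check the signature. A merely retired key is still acceptable.
func Verify(resolve func(string) (*KeyRecord, bool), n SignedNote) error {
	k, ok := resolve(n.KeyID)
	if !ok {
		return errors.New("unknown key id: " + n.KeyID)
	}
	if k.Revoked {
		return errors.New("key revoked: " + n.KeyID)
	}
	msg := append([]byte(n.ObjectID+"\n"), n.Body...)
	if !ed25519.Verify(k.Public, msg, n.Signature) {
		return errors.New("signature does not verify against " + n.KeyID)
	}
	return nil
}

func main() {
	foo, _ := NewActor("https://example.test/users/foo")
	note := foo.Sign("note-1234", []byte("hello fediverse"))
	_ = foo.Rotate()
	fmt.Println("unique key IDs, after rotation:", Verify(foo.LookupKey, note)) // <nil>
	bar, _ := NewActor("https://example.test/users/bar")
	old := bar.Sign("note-1", []byte("x"))
	_ = bar.BlindRotate()
	fmt.Println("blind rotation, same key ID:", Verify(bar.LookupKey, old)) // signature error
}
```

The design point is that rotation and revocation are different states on the key object: a retired key still verifies the content it signed, a revoked one does not, and the downstream server can only tell them apart because the key ID stays resolvable after the actor moves on to a new key. The blind-rotation path shows why overwriting key material under an unchanged ID forces exactly the "trash all old content" outcome the post describes.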