A simple question on the Hubzilla Support Forum turned into a fascinating discussion about how you can’t reuse channel addresses (identity@example.social
) ever again because some clients/instances will treat it as a forged identity if a new set of keys are issued.
One of many example scenarios given were a university screwing up their fediverse instance/hub and having to reinstall it, only to find out that they can’t use admissions@example.edu
ever again because other instances will silently ban or ignore it (treat it as forged).
I can understand why this would be done, but I don’t believe that is a sustainable policy in the long run as the fediverse grows. You also have situations where it is desirable or even necessary to change keys, perhaps because a private key was leaked.
Perhaps it could be handled the following way:
-
If the keys are different for a channel address (
channel@example.tld
), then treat it as if it was a new channel. Have some standard or recommended way of indicating that the old ID and new ID may not be the same person. -
If the identity provider declares that a key change has been made, and can verify that both the old key and the new key both belong to the same identity, then treat the new key as the correct one, and reject the old key as being forged for all future correspondence.
This would handle both lost keys (with account recreation being treated as a separate new account) and key revocation/reissue.
How do you think key changes should be handled via ActivityPub?
The conversation, for reference: