Replying to Avatar Basanta Goswami

Let's say you want to rotate keys, because you suspect it's been compromized. I'm a user who follows you so I would like to know the new key

Who's social graph does my client use to know the new key? If it's yours, then that graph could have been altered after the key got compromized, so it's not reliable. If I have to rely on my WoT, then somehow the people that I follow/trust would have to overlap with the people that you follow/trust
Avatar
Max 1mo ago

Its kind of up to the client implementation.

But as you say, in a compromised scenario we cannot trust relay lists, follows etc of that key.

The client could display all attestation events, with highlights for higher wot keys and follows / follows-of-follows. Arguably more information is better here, the algorithm can be simple or sophisticated.

Reply to this note

Please Login to reply.

Discussion

No replies yet.