This is great. Wondering if the current year PGP key needs to or should also first sign the next year's key, authenticating a chain? Maybe I'm missing something about the rotation process.
I'm honestly curious how many people I am going to piss off with this piece.
https://untraceabledigitaldissident.com/pgp-nostr-digital-ownership-identity/
Discussion
You can chain sign yearly keys, but it isn’t required. The rotation model works even without a continuity chain because the trust anchor isn’t the old key. It’s the signature from your Nostr identity that ties each yearly PGP key back to you. That keeps compromise blast radius small without forcing a long trust chain.
Replied in DM