Suggestion: the ability to delegate to other keys

[ChristopherKing42]

To help keep your original private key locked down, I suggest the ability to delegate to other private keys by signing an endorsement.

1. Instead of signing a post with the original key, you can use the new delegated key.
2. In the event that the delegated key is leaked, the original key can sign a revokement. Now posts signed by the delegated key are considered invalid. So all old posts need to be signed by a new key (or just the original key).

So if my original key is A, I can sign a message endorsing key B and put key A in cold storage. If I lose key B, I can delegate to a new key C. If key B is compromised, I can sign a revokement with key A. Then I create a new key C and sign all of the old messages that I posted and signed with B (but not ones signed by an attacker).

In addition, each endorsement has a priority, which is a rational number attached to the endorsement. Instead of needing to use the original key to delegate and revoke, a delegated key can endorse keys with equal or lower priority and revoke keys with lower priority. For example, here's a set up I could do.

• After set up, the original key A is hidden in the artic
• I put key B, which has priority 4, in a safe
• I hide key C, which has priority 3, under my bed
• I put key D, which has priority 2, on my computer
• I put key E, which has priority 1, on my smartphone

This is pretty robust. For example, if E gets compromised, I don't need to go to the artic to find key A. I can just revoke it with key D and then make a new key E' for my smartphone (and sign all old authentic messages from E with E'). If key D is compromised during this process, I can use key C, etc...

In principle I think it could be done client side. Your original account delegates to another account. Delegated accounts are not visible on their own, but all their posts are displayed as if they were from the original account. If revoked, those messages disappear on the client side and need to be reposted.