- node.rotate-did: generates new Ed25519 keypair, signs rotation proof with old key, overwrites identity files, requires password - federation.notify-did-change: broadcasts rotation proof to all trusted/observer peers over Tor - federation.peer-did-changed: receiving side verifies rotation proof against known pubkey before updating peer's DID - Rate-limited: 3/600s for rotation, 5/60s for peer notification - Signature verification uses ed25519_dalek (constant-time) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3.9 KiB
3.9 KiB