@macgirvin So is an identity in this system paired with a keypair for life? Just trying to understand!
It is currently and that's a known issue. I've got a few ideas for solving it, but time is short and it's doubtful I'll finish this while I'm still alive. Basically do the same thing for identity hashes that we do for location. You can have more than one keypair and more than one resultant hash. In most cases we'll keep the old one and add additional hashes using the new key, but if you've been hijacked, you can choose to nullify one. The only trick is making sure that you're nullifying it and not the bad guy. You can keep an offline private key to do this and prove you're the true account holder, but now you're getting into territory that average humans won't be able to grasp and will find too cumbersome or fiddly to deal with.
macgirvin at 2017-07-24T08:59:56Z
It's definitely a tricky problem; the DID spec (which you may find interesting if you haven't read it) tries to allow for ways for keys to be revoked or even replaced even in the case of key loss (basically, here's 5 people I'm baking into my identifier by saying I trust them, if three out of five say that actually $X is my new key, that's enough to replace it) but obviously that too can have sharp edges...
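The three-out-of-five replacement rule described above, sketched as an added example that is not part of the thread and is not code from the DID spec or from any project mentioned here. It assumes Ed25519 guardian keys and a made-up message format; `Attestation`, `rotationMsg`, `Approve`, `Demo` and the identity `alice@example` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Attestation is one guardian's signature over "newKey replaces id's key".
type Attestation struct {
	Guardian ed25519.PublicKey
	Sig      []byte
}

// rotationMsg binds purpose, identity and new key, so a signature cannot be reused elsewhere.
func rotationMsg(id string, newKey ed25519.PublicKey) []byte {
	h := sha256.Sum256(append([]byte("key-replacement-v1\x00"+id+"\x00"), newKey...))
	return h[:]
}

// Approve reports whether at least threshold distinct listed guardians signed.
func Approve(id string, guardians []ed25519.PublicKey, threshold int, newKey ed25519.PublicKey, atts []Attestation) bool {
	trusted, seen := map[string]bool{}, map[string]bool{}
	for _, g := range guardians {
		trusted[string(g)] = len(g) == ed25519.PublicKeySize
	}
	msg := rotationMsg(id, newKey)
	for _, a := range atts {
		if k := string(a.Guardian); trusted[k] && !seen[k] && ed25519.Verify(a.Guardian, msg, a.Sig) {
			seen[k] = true // a guardian counts once, however many signatures arrive
		}
	}
	return threshold > 0 && len(seen) >= threshold
}

// Demo uses constructed keys: signers 0-4 are the guardians, signer 5 is an outsider.
func Demo() (quorum, padded, replay bool) {
	pubs, atts := []ed25519.PublicKey{}, []Attestation{}
	newKey, _, _ := ed25519.GenerateKey(nil)
	for i := 0; i < 6; i++ {
		pub, priv, _ := ed25519.GenerateKey(nil)
		pubs = append(pubs, pub)
		atts = append(atts, Attestation{pub, ed25519.Sign(priv, rotationMsg("alice@example", newKey))})
	}
	return Approve("alice@example", pubs[:5], 3, newKey, atts[:3]), // three distinct guardians
		Approve("alice@example", pubs[:5], 3, newKey, []Attestation{atts[0], atts[0], atts[1], atts[5]}),
		Approve("alice@example", pubs[:5], 3, pubs[5], atts[:5]) // signatures were made for another key
}

func main() { fmt.Println(Demo()) }
```

Only the first case passes: a repeated signature and an outsider's signature do not add to the count, and signatures collected for one new key do not authorize a different one.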