-
Notifications
You must be signed in to change notification settings - Fork 6
custodial rotation
Henk van Cann edited this page Dec 29, 2024
·
3 revisions
Rotation is based on control authority that is split between two key sets. The first for signing authority and the second (pre-rotated) for rotation authority, the associated thresholds and key list can be structured so that a designated custodial agent can hold signing authority, while the original controller can hold exclusive rotation authority.
Partial pre-rotation supports the vital use case of custodial key rotation to authorize a custodial agent.
Paraphrased by @henkvancann based on the IETF-KERI draft 2022 by Samual Smith.