@prologic@twtxt.net Re: Chat system, What if the base specification included a system for per-user arbitrary JSON storage on the server? Kind of like XEP-0049, but expanded upon. Two kinds of objects: public and private. Public objects can be queried by anyone, private objects cannot and must be encrypted with the user’s private key. Public keys could be stored there, as well as anything else defined by extensions. Roster, user block list, avatar, etc.
For instance I normally use the same RSA key/pair on all my workstations for my ssh client, because that’s me, no-matter where I am. The only exception to this rule is I usually create a separate key for any “work” / “ company” I am a part of.
I would HIGHLY recommend reading up on the keybase architecture. They designed device key system for real time chat that is e2e secure. https://book.keybase.io/security
A property of ec keys is deriving new keys that can be determined to be “on curve.” bitcoin has some BIPs that derive single use keys for every transaction connected to a wallet. And be derived as either public or private chains. https://qvault.io/security/bip-32-watch-only-wallets/