Cool. The key-change part feels especially important. Also agree with that “tamper-evident, signed history of keys” — it makes key changes safer, more visible, and easier to reason about.
The other key challenge is recovery. Users will lose devices and keys, so multi-key design is necessary, but it has to be done without quietly reintroducing server trust.
The other key challenge is recovery. Users will lose devices and keys, so multi-key design is necessary, but it has to be done without quietly reintroducing server trust.