cypherpunk wannabe, engineer working on @frames /open-frames /opencast
https://stephancill.co.za create stories at https://stories.steer.fun

Developer 🤓 build, develop and operate Farcaster solutions @ dtech.vision also love tech, decentralization, fitness and oldschool rap 😎

I'm worried that Signers are not automatically expiring at some point.

This is a common practice in web2 (for API keys / tokens) and I believe Farcaster would greatly benefit form this as well (using a Farcaster epoch based timestamp).

any thoughts on this @stephancill  @samuellhuber.eth ?

a big difference vs web2 is that there is an explicit cost to creating a signer in the form of gas fees. this has way different UX implications to web2 API keys so it's not as simple as just expiring them unfortunately

i do agree that this is an important issue issue that needs to be addressed though

the second big difference: once a signer expires e.g. my SSH Keys to my Git I can

1) extend them
2) let them expire and keep what I did

farcaster deletes everything once a signer is expired, that would need to change. We'd only deelte everything on signer revokation, not expiry so it can expire gracefully

If I understood the concept correctly Signers do not expire yet but rather can be removed completely (which will prune all messages that are signed by that key). Expiring a key does not necessarily remove it from the list thus messages should not be pruned imho.