Why on earth was the #ActivityPub protocol even let out the door without a well-specified and mandatory graceful, non-destructive key rotation scheme?
Yes I know the privacy issues. Those are not valid reasons to not have such a mechanism; it's a valid reason to not enable or use one.
What we're stuck with now is a ton of instances with absurdly long, legacy-algorithm keys (RSA-4096) with no way to replace them with shorter/better keys without effectively losing everything ever posted on the instance.
The protocol is only 7 years old! EC crypto was well-established at the time, and should have been the default.
And what happens once everyone has to replace the keys, because RSA is broken by quantum computers (I know, probably 100 years to go)? The #Fediverse will be a wasteland, with no instances trusting anything from any other instance, so all #Federation breaks down.
Sorry if I got some details wrong about what the protocol says. If I get flamed to death for being wrong, then I'll consider that a Good Thing(TM). I've been trying to find a way to rotate/replace keys for a while and all my searching turns up is either 1) confirmation that most people don't know or care about cryptography, or 2) https://socialhub.activitypub.rocks/t/key-rotation-notification/562 - which really isn't helpful.
If it is possible to gracefully rotate the key(s) of an instance/user, there really has to exist some documentation that explains clearly how to implement this in a server and how to exercise it as a server operator.