Ah. Now I finally understand where this tactic of discarding the private key comes from. ActivitPubâs technique probably comes from Signalâs Open Whisper double ratchet technique thatâs used by Whatâs App. This is effectively similar to TLS Perfect Forward Secrecy and the credit card industryâs DUKPT (Derived Unique Key Per Transaction):

In these schemes, the private key is NOT discarded (except by the Double Ratchet). Instead, a new key pair is derived from the original key pair so that a new, temporary key pair is used for each message. Yes, this is a technique used to counter attacks that can be applied when lots of messages are encrypted using the same key pair. But, each new key pair is always derived from the same original key pair thatâs verifiably associated with the entity thatâs represented (person, server, credit card).

Yes, thatâs a good technique to use. But, to use that you only need one public key published via your Solid Pod. You donât need to update the public key with each message. Instead, each message includes the technique used by the sender to derive the current encryption key. Then, the receiver can apply the same derivation formula to get the current decryption key.

Thatâs all generalities. As this specifically applies to Solid, the profile in the Pod would publish one Authentication public key, one Signing public key and maybe one Key Management public key. Those can then be used for the DUKPT technique without ever discarding the original key pairs. Yes, this is a good technique. Iâm glad I understand where youâre coming from. We want to use Solid Pods in our systems. But, if Solid incorrectly applies encryption techniques we would need to find another secure data store solution.