Deferred from Epic B (plan fn-145, KEL-native commit verification; tracks #200).
Epic B's MVP uses a current-key policy: a commit verifies iff its signing key == the device's current key. Consequence: after a device key rotation (drt), that device's prior commits fail with the typed verdict SignedBySupersededKey.
The proper fix is signing-time verification: verify each commit's signature against the device key-state at the commit's KEL anchor, so a later rotation doesn't invalidate history. This needs per-commit anchoring into the KEL + event ordering, which depends on witness receipting (Epic D, #202).
Roadmap: docs/architecture/keri-only-roadmap.md:204 ("...current (or signing-time) key-state..."). Epic: #200.
Deferred from Epic B (plan
fn-145, KEL-native commit verification; tracks #200).Epic B's MVP uses a current-key policy: a commit verifies iff its signing key == the device's current key. Consequence: after a device key rotation (
drt), that device's prior commits fail with the typed verdictSignedBySupersededKey.The proper fix is signing-time verification: verify each commit's signature against the device key-state at the commit's KEL anchor, so a later rotation doesn't invalidate history. This needs per-commit anchoring into the KEL + event ordering, which depends on witness receipting (Epic D, #202).
Roadmap:
docs/architecture/keri-only-roadmap.md:204("...current (or signing-time) key-state..."). Epic: #200.