Key Management

[dholms]

We should deploy better key management strategies and helpers for user and devs to take advantage of.

This breaks down into 3 pieces:

• A secure in-browser storage solution for a user's device keys. This will likely take the form of a service worker that only responds to requests from approved hosts.
• Custodial key management for the user's root key. A hosted HSM that holds user's root private keys (or recovery keys) that signs updates or UCANs on the user's behalf after some sort of authentication flow (for instance an email link)
• Helpers for sovereign key management. Linking flows for a user to sign attenuated UCANs with their non-custodial private key. Whether this is held on a hardware device or a mobile wallet. This may include a "Sign in with Ethereum flow".

[dholms]

A couple of issues related to SIWE with UCANs:

• https://github.com/ucan-wg/spec/issues/11#issuecomment-1115911048
• https://github.com/ChainAgnostic/AMS-CASA-gathering/issues/19
• https://github.com/ipld/js-dag-ucan/issues/24