Currently, an actor's certificate is a) set when signing up and b) can't be changed. There are two problems with this: the first issue is that if we want to switch to an OAuth2/OpenID Connect provider (#19), we don't have the signup process any more. The second issue is that if an actor loses access to its certificate (e.g. because a user forgets their password and they therefore cannot decrypt the secret key material), there's no way to at least keep the account. Of course, updating/changing an actor's certificate ultimately destroys all trust.