This is really about mnemonic passphrase and key management, but what it really represents is Identity. How do we know a certificate has been issued to an individual? They have to own the private key associated with the public bitcoin address in a certificate
Our model for identity management now is simple. Generate a mnemonic passphrase, and that pretty much is your identity. You own all public bitcoin addresses that generate from that mnemonic, and that mnemonic alone.
Unfortunately, reality is a bit more messy, and it's very likely that an individual will want to have multiple keychains with different mnemonic passphrases associated with them. If you accidentally requested a certificate from a new phone before importing your old passphrase, you should still own any certificates issued to that address. So really, your identity isn't a single mnemonic, but a collection of mnemonics and their associated keychains.
We would need to add a handful of features to the iOS app to get this right.
1. Add a settings screen where you can see any keychains (& their mnemonics)
2. From that screen, you can add a new keychain. This can be seeded with a random mnemonic, or you can paste an existing one
3. When you add an issuer, you would need to be prompted about which keychain you would like to send that issuer a public address from.
4. Any keychains that have had public addresses sent to issuers can't be deleted.
There would also likely need to be some ability to name/rename these keychains to disambiguate them without revealing their mnemonic passphrase.
This feature is purely additive, so there's nothing to migrate in the UI.
We would likely need to change how the private mnemonics (and the # of public addresses) are stored in secure storage, but that would be a minor change.
Questions & Feedback
Do we need to support importing of individual private keys?
I'd argue no, or at least not yet. If that private address is on a keychain you know the mnemonic to, then you should import that mnemonic to get access to that private address. If you don't know the mnemonic, then that means someone is just handing you a private key and promising not to claim it as their own. I can't think of any secure case where a user would have the private key, but not the mnemonic associated with it
Should we encourage paper backup of these keys?
Yes, absolutely. There would be another issue for making the first-run experience highlight the importance of paper backups of all mnemonic phrases. That's just not what I want to talk about in this issue.