I’ve been thinking about P2P systems using asymmetric keys and wondering if there is anyway to recover an identity in the event it was compromised using some kind of web-of-trust.
This seems to be a large issue compared to a regular system (using a central authority) that can remove the intruder's access and restore control of the account to the real owner (Digicert, facebook, twitter, etc...).
What if a master key was generated and used to create a subkey. Then using 16+ random bytes the master keys private component could be encrypted. The owner could choose 5+ nodes on the network (friends?) to store parts of the secret and erase it's knowledge of those bytes.
The subkey would be the user identity (with it's own AES password protecting the private part). Should this client get phished, forget their password, or someone steal their sub-key private component, we could use the peers to restore the master key and revoke this subkey.
I'm not sure how this would work other than the client sending a request to each node and them verifying the client though some out-of-bands way (phone call? Text?) before sending their part of the master key password.
Would this work? Are their any existing solutions to this problem?