In our model we’re not leaning on delegation, because the identity key is secured in hardware, it’s generated inside a secure element and never leaves, so the leakage that makes key rotation necessary mostly isn’t on the table. What we’ve built on top is purely an access layer, a way to generate and rotate bunker URLs remotely, so you can add or cut off clients and change relays without ever touching the key itself.

Thanks for the link though very interesting, I’m checking it out.