Identity lives as close to the user as possible. Not "I have an account on server X" — "I am this key, and I choose to talk to server X."
Cryptographic identity (DID). An ed25519 keypair, expressed as did:key. Self-generated on first boot. No authority issued it. No authority can revoke it. Used for signatures, verification, peer authentication.
Every QNTX node has one. Every user has one (derived from biometrics via WebAuthn PRF). The DID is the anchor — everything else references it.
Human identity (vanity name). What others call you. SBVH, QNTX, amber-fox-7k. Generated by teranos/vanity-id — collision-aware, human-readable, memorable.
A name→DID binding isn't stored in a registry. It's attested by peers.
The more nodes attest "DID z6Mk... is known as SBVH", the stronger the binding becomes. This is web of trust expressed as QNTX attestations — the same primitive that already handles everything else.
Short names emerge from reputation. Maintainer nodes attest early, their attestations propagate through the sync protocol. A newcomer claiming an established name has zero attestations against a well-attested binding. No collision registry needed — the network's agreement is the registry.
Your biometric derives your user DID. That's permanent — your identity.
Your node holds its own node DID. When you authenticate (fingerprint, Face ID), your user DID signs a delegation: "node X may act on my behalf until time T."
Peers verify the chain: is this node DID delegated by a user DID I trust? Is the delegation still valid?
After expiry, the node can't act until you re-authenticate. No revocation infrastructure. No Vault unsealing ceremony. No break glass procedure. Delegations just die. Compromised node? Damage window bounded by delegation lifetime. Re-authenticate to issue a new one.
A QNTX node's DID and its Reticulum destination identity can be the same ed25519 keypair. Unified identity — no mapping layer. An attestation signed by DID z6Mk... can be verified by anyone who can address Reticulum destination z6Mk....
This answers the open question from reticulum.md: yes, a QNTX actor should be a Reticulum identity.
did:key on first boot, serves it at /.well-known/did.json (#575)