@dansup I would prefer you didn't share keys. Http sigs should function as a remote authentication method. Sharing the keys makes it impossible to know that a message is from who it claims to be. That would mean enforcing blocks would require blocking everyone who shares that key.