As part of proposal 007 we will be able to rotate the baking key, which is great. There will be a new key - consensus key - whose job is primarily to make baking and endorsement operations.
Based on recent AMA I understand the consensus key will be spendable, so it won’t be different from the baking key as of today - except the ability to rotate it. But moving forward, should the consensus key become non-spendable ? Meaning, it can only sign baking and endorsements, but not transfers ?
The case has been made that it should remain spendable. The argument for it, as far as I understand it, is two-fold:
having the consensus key spendable makes it a “bounty”, meaning, it’s a high-value target for attack, in which the attacker walks away with valuable tokens. So it encourages people to secure their setup as they do today. A non-spendable consensus key is not a target for an attacker motivated by financial gain, but it is still a target for someone wanting to cause harm to the network. It would lead bakers to sloppiness.
a non-spendable consensus key can be transferred to a third-party, giving the possibility for bakers to outsource their operations. This represents a centralization risk, as we may see intermediary entities emerge which have control over a large stake of the network.
I would like to present a contrarian view:
Against argument 1: a spendable consensus key should be handled with extreme care, so it may shy people away from setting up an independent baking operation due to “fear of messing up”. Also, in computer security, making the argument that the attack surface should NOT be reduced in order not to induce sloppiness is counter productive, not unlike the “security by obscurity” argument.
Against argument 2: the vast majority of tokens are in custody today (look at the top 3 bakers). Some bakers outsourcing their operation to intermediaries by shipping them a non-spendable consensus key on a regular basis may encourage people to take custody of their assets.
The distribution of stake in a world where a non-spendable consensus key exists will be between custodians, baking intermediaries, and independent bakers, which is more decentralized than today.