That’s fair, and would be an instance of intentionally loosening requirements based on a smaller set of use cases we want to focus on.
We’ll just need to be very explicit in our documentation, especially because the guarantees of anchoring have been part of the protocol for so long that app developers expect it to be present.
I feel like we’ve substantially reduced complexity and points of failure with the latest self-anchoring design but yes, it’s still going to be complex, and we’re also going to need multi-prev to plug in some holes.
We’ll have to decide whether that’s more effort than we’re willing to invest for the use cases they would serve.
Separating Anchoring out from Streaming would also have the advantage of letting us punt on the implementation without precluding the possibility of implementing it at a later time.
I would challenge this. If we have reason to believe that anchoring is holding us back now, I think there is a world in which we commit to adding event revocation in the future, but hold off on implementation. Just like we’re holding off on implementing Event validation (which is a much bigger problem imo).
This is a reason I actually like spencers proposal. While we would remove time enforcement from the core protocol, we would still enforce it everywhere else. Making it hard for devs to do the wrong thing.
We would make the Ceramic-one “add event” API only accept writes with valid OCAPs, and we would make client side libraries rotate OCAPs often. Setting the norm that keys are short lived.
This is a great point and I think we are reaching the point where the strict guarantees we provide with anchoring are actually limiting the types of use cases we can serve.
This is my biggeset worry about this direction. We do have customers that rely on timestamping, not for key rotation, but for historical record. Changing this would break that, so there needs to be a way to solve that problem, even if that’s just pointing at some alternative solution.
These points scare me 
We would be:
Do we feel like implementing self-anchoring will slow us down that much? Additionally, will not anchoring + explicit OCAP revocation need no engineering work, or will there still be some work required to allow the system to continue working, especially with tons of legacy data? I suspect that it’ll be the latter.
Self-anchoring will be at most a few cycles of work and uses an approach that not only cleanly separates anchoring out as its own subsystem but also simplifies a lot of the complexity of the current anchoring system. Would it make sense to implement self-anchoring anyway, even if we decide to deprecate or make it optional it later?
This will definitely be a massive change in our behavior and guarantees. Without anchoring, we’re more like the latest iteration of Iroh. By focusing more on p2p collaboration cases would we be weakening our value proposition?
Additionally, would the use cases of our biggest partners (current or potential) work without significant disruption if we were to remove anchoring and rely on explicit OCAP revocation?
We don’t really know if self-anchoring will definitely solve the pain points that we’ve heard from developers building on ceramic. We do know that if we didn’t do anchoring those pain points wouldn’t exist. There might be other problems that emerge from not doing anchoring though.
Yes, should we enumerate some of those pain points and talk through them as well? I’m assuming expired CACAOs are the chief complaint, or are there more?
I feel like we might have a better handle on issues related to anchoring and would have an easier time figuring them out. I also don’t feel like it has to be either-or, especially if we can cleanly separate Anchoring out of Streaming.
Yes, that’s my main concern here. We don’t yet know enough about the edge-cases without anchoring 