Hi, @hloo! Thanks for the feedback. I have to say that I have heard loud and clear that a large number of people have a very strong objection to the notion of expiring stale money.

Not only in the previous AMA — where I think it was the biggest topic — but in numerous private conversations with lots of different stakeholders, I've heard strong discomfort with the idea of people having to proactively touch their private keys to the internet in order to keep their funds.

So I'm definitely reconsidering my stated intention to shift to a protocol that treats sufficiently old, unmaintained private keys as invalid.

I'm not entirely satisfied with the obvious alternative of indefinitely valid private keys, either, for various reasons.

One of the reasons is the previously discussed measurement of the shrinkage of the monetary base, which I value more than most people appear to value.

But another is the ability to shed technical debt. If private keys are valid indefinitely, then it is impossible to ever move to a codebase which implements only new and improved crypto. I don't want to insist — against strong objections from the users — that I'm going to cease supporting ECDSA keys two years from now, but nor do I want to give people the idea that I'm committed to continuing to support ECDSA keys for ten years. Neither is true, currently.

One possibility may be that this could be part of The Future Friendly Fork (https://z.cash/blog/future-friendly-fork.html). Maybe we could have one branch of the blockchain and the software which can assume that everyone else has kept their software and their private keys up to date annually, and another branch that strives to maintain backward compatibility and preservation of funds as long as possible. “Dyna-zcash” and “perma-zcash”