That's an interesting idea... instead of storing the bearer tokens associated with your internally-pointing ocaps (held by external users), salt and hash them. That way if your server is compromised the ocaps that other people hold to you internally can still be valid.
The ocaps *you* hold to *external* servers, however... well... those will still be hosed. But it doesn't look like that can be solved without a certificate-style ocap approach, which doesn't work in the case of simple linkable ocaps like we need for protocols like ActivityPub.
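To make the first idea concrete, here is an added example (not code from the comment above, the ActivityPub spec, or any ocap library) of storing only a salted hash of each inbound bearer token, so that a dump of the server's database does not yield usable capabilities. The `<id>.<secret>` token layout, the `StoredCapability` record and the `target` field are assumptions made for this illustration; the id exists only so the server can find the right salt without scanning every record.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class StoredCapability:
    """Hypothetical server-side record: nothing here recovers the token.

    token_id: public lookup key (the part before the '.' in the token)
    salt:     per-token random salt
    digest:   sha256(salt || secret), never the secret itself
    target:   illustrative label for what the ocap grants
    """
    token_id: str
    salt: bytes
    digest: bytes
    target: str


def _digest(salt: bytes, secret: str) -> bytes:
    # Secrets are 256 bits of CSPRNG output, so a single SHA-256 is enough;
    # a slow password hash is not needed (nothing here is guessable).
    return hashlib.sha256(salt + secret.encode("ascii")).digest()


def mint_capability(store: Dict[str, StoredCapability], target: str) -> str:
    """Create a bearer token for an external holder; persist only its hash."""
    token_id = secrets.token_urlsafe(8)
    while token_id in store:          # collisions are negligible, but be safe
        token_id = secrets.token_urlsafe(8)
    secret = secrets.token_urlsafe(32)  # base64url alphabet, never contains '.'
    salt = secrets.token_bytes(16)
    store[token_id] = StoredCapability(token_id, salt, _digest(salt, secret), target)
    # The full token is returned exactly once and never written to disk.
    return f"{token_id}.{secret}"


def resolve_capability(store: Dict[str, StoredCapability],
                       presented: str) -> Optional[str]:
    """Return the ocap's target if the presented token verifies, else None."""
    if "." not in presented:
        return None
    token_id, secret = presented.split(".", 1)
    rec = store.get(token_id)
    if rec is None:
        return None
    # Constant-time comparison so timing does not leak how many bytes matched.
    if not hmac.compare_digest(_digest(rec.salt, secret), rec.digest):
        return None
    return rec.target


def revoke_capability(store: Dict[str, StoredCapability], presented: str) -> bool:
    """Revoke by presenting the token (holder-initiated) or by id (server-side)."""
    token_id = presented.split(".", 1)[0]
    return store.pop(token_id, None) is not None


def leaked_store_is_useless(store: Dict[str, StoredCapability]) -> bool:
    """Simulate an attacker who stole the records and replays what they hold.

    Presenting the stored digest (or the salt) in place of the secret must fail
    for every record; this is the property the hashing is meant to provide.
    """
    for rec in store.values():
        for guess in (rec.digest.hex(), rec.salt.hex(), ""):
            if resolve_capability(store, f"{rec.token_id}.{guess}") is not None:
                return False
    return True


if __name__ == "__main__":
    capabilities: Dict[str, StoredCapability] = {}
    token = mint_capability(capabilities, "inbox-post")   # constructed sample
    print("holder's token:", token)
    print("verifies:", resolve_capability(capabilities, token))
    print("leaked store replays:", not leaked_store_is_useless(capabilities))
```

The salt here mainly matches the wording of the suggestion; because each secret is already unguessable, the hash alone would defeat an attacker holding the database, and the salt's real job is to ensure two records never share a digest. The second half of the comment still holds: tokens this server holds for *other* servers have to be stored in the clear to be presentable, so hashing protects inbound capabilities only.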

