I find it interesting how this all comes down to what do you trust. Like.. why not <1 minute keys? Or 1-request?
We do a lot of request signing (think AWS sigv4a) which practically speaking amounts to 1-request.
alt Hacker News
We do a lot of request signing (think AWS sigv4a) which practically speaking amounts to 1-request.