diff --git a/shared/protos/identity_auth.proto b/shared/protos/identity_auth.proto
--- a/shared/protos/identity_auth.proto
+++ b/shared/protos/identity_auth.proto
@@ -10,7 +10,8 @@
 // token through an interceptor, thus avoiding the need to explicitly pass
 // the credentials on every request
 service IdentityClientService {
-  // X3DH actions
+
+  /* X3DH actions */
 
   // Replenish one-time preKeys
   rpc UploadOneTimeKeys(UploadOneTimeKeysRequest)
@@ -34,6 +35,12 @@
   // the other user's username.
   rpc GetInboundKeysForUser(InboundKeysForUserRequest) returns
     (InboundKeysForUserResponse) {}
+  // Called by clients to get required keys for opening a connection
+  // to a user's keyserver
+  rpc GetKeyserverKeys(OutboundKeysForUserRequest) returns
+    (KeyserverKeysResponse) {}
+
+  /* Account actions */
 
   // Called by user to update password and receive new access token
   rpc UpdateUserPasswordStart(UpdateUserPasswordStartRequest) returns
@@ -46,10 +53,7 @@
   // Called by a user to delete their own account
   rpc DeleteUser(identity.unauth.Empty) returns (identity.unauth.Empty) {}
 
-  // Called by clients to get required keys for opening a connection
-  // to a user's keyserver
-  rpc GetKeyserverKeys(OutboundKeysForUserRequest) returns
-    (KeyserverKeysResponse) {}
+  /* Device list actions */
 
   // Returns device list history
   rpc GetDeviceListForUser(GetDeviceListRequest) returns
@@ -58,7 +62,7 @@
   rpc UpdateDeviceList(UpdateDeviceListRequest) returns
     (identity.unauth.Empty) {}
 
-  // Farcaster actions
+  /* Farcaster actions */
 
   // Called by an existing user to link their Farcaster account
   rpc LinkFarcasterAccount(LinkFarcasterAccountRequest) returns
@@ -67,6 +71,8 @@
   rpc UnlinkFarcasterAccount(identity.unauth.Empty) returns
     (identity.unauth.Empty) {}
 
+  /* Miscellaneous actions */
+
   rpc FindUserIdentity(UserIdentityRequest) returns (UserIdentityResponse) {}
 }
 
diff --git a/shared/protos/identity_unauth.proto b/shared/protos/identity_unauth.proto
--- a/shared/protos/identity_unauth.proto
+++ b/shared/protos/identity_unauth.proto
@@ -5,7 +5,7 @@
 // RPCs from a client (iOS, Android, or web) to identity service
 service IdentityClientService {
 
-  // Account actions
+  /* Account actions */
 
   // Called by user to register with the Identity Service (PAKE only)
   // Due to limitations of grpc-web, the Opaque challenge+response
@@ -22,6 +22,7 @@
     (OpaqueLoginStartResponse) {}
   rpc LogInPasswordUserFinish(OpaqueLoginFinishRequest) returns
     (AuthResponse) {}
+
   rpc LogInWalletUser(WalletAuthRequest) returns (AuthResponse) {}
   rpc RegisterWalletUser(WalletAuthRequest) returns (AuthResponse) {}
   rpc RegisterReservedWalletUser(ReservedWalletRegistrationRequest) returns
@@ -30,27 +31,22 @@
   rpc UploadKeysForRegisteredDeviceAndLogIn(SecondaryDeviceKeysUploadRequest)
     returns (AuthResponse) {}
 
-  // Sign-In with Ethereum actions
-
-  // Called by clients to get a nonce for a Sign-In with Ethereum message
-  rpc GenerateNonce(Empty) returns (GenerateNonceResponse) {}
-
-  // Service actions
+  /* Service actions */
 
   // Called by other services to verify a user's access token
   rpc VerifyUserAccessToken(VerifyUserAccessTokenRequest) returns
     (VerifyUserAccessTokenResponse) {}
 
-  // Ashoat's keyserver actions
+  /* Authoritative keyserver actions */
 
-  // Called by Ashoat's keyserver to add usernames to the Identity service's
-  // reserved list
+  // Called by authoritative keyserver to add usernames
+  // to the Identity service's reserved list
   rpc AddReservedUsernames(AddReservedUsernamesRequest) returns (Empty) {}
-  // Called by Ashoat's keyserver to remove usernames from the Identity
+  // Called by authoritative keyserver to remove usernames from the Identity
   // service's reserved list
   rpc RemoveReservedUsername(RemoveReservedUsernameRequest) returns (Empty) {}
 
-  // Miscellaneous actions
+  /* Miscellaneous actions */
 
   // Called by users periodically to check if their code version is supported
   rpc Ping(Empty) returns (Empty) {}
@@ -58,7 +54,12 @@
   // Returns userID for given username or wallet address
   rpc FindUserID(FindUserIDRequest) returns (FindUserIDResponse) {}
 
-  // Farcaster actions
+  // Called by clients to get a nonce for a Sign-In with Ethereum message
+  // or RPCs requiring challenge-response actions
+  rpc GenerateNonce(Empty) returns (GenerateNonceResponse) {}
+
+  /* Farcaster actions */
+
   rpc GetFarcasterUsers(GetFarcasterUsersRequest) returns
     (GetFarcasterUsersResponse) {}
 }
@@ -130,10 +131,10 @@
   string username = 2;
   // Information needed to open a new channel to current user's device
   DeviceKeyUpload device_key_upload = 3;
-  // Message from Ashoat's keyserver attesting that a given user has ownership
-  // of a given username
+  // Message from authoritative keyserver attesting that a given user 
+  // has ownership of a given username
   string keyserver_message = 4;
-  // Above message signed with Ashoat's keyserver's signing ed25519 key
+  // Above message signed with authoritative keyserver's signing ed25519 key
   string keyserver_signature = 5;
 }
 
@@ -205,10 +206,10 @@
   // Information specific to a user's device needed to open a new channel of
   // communication with this user
   DeviceKeyUpload device_key_upload = 3;
-  // Message from Ashoat's keyserver attesting that a given user has ownership
-  // of a given wallet address
+  // Message from authoritative keyserver attesting that a given user
+  // has ownership of a given wallet address
   string keyserver_message = 4;
-  // Above message signed with Ashoat's keyserver's signing ed25519 key
+  // Above message signed with authoritative keyserver's signing ed25519 key
   string keyserver_signature = 5;
 }
 
@@ -244,18 +245,18 @@
 // AddReservedUsernames
 
 message AddReservedUsernamesRequest {
-  // Message from Ashoat's keyserver containing the username to be added
+  // Message from authoritative keyserver containing the username to be added
   string message = 1;
-  // Above message signed with Ashoat's keyserver's signing ed25519 key
+  // Above message signed with authoritative keyserver's signing ed25519 key
   string signature = 2;
 }
 
 // RemoveReservedUsername
 
 message RemoveReservedUsernameRequest {
-  // Message from Ashoat's keyserver containing the username to be removed
+  // Message from authoritative keyserver containing the username to be removed
   string message = 1;
-  // Above message signed with Ashoat's keyserver's signing ed25519 key
+  // Above message signed with authoritative keyserver's signing ed25519 key
   string signature = 2;
 }
 
diff --git a/web/protobufs/identity-auth-client.cjs b/web/protobufs/identity-auth-client.cjs
--- a/web/protobufs/identity-auth-client.cjs
+++ b/web/protobufs/identity-auth-client.cjs
@@ -322,6 +322,67 @@
 };
 
 
+/**
+ * @const
+ * @type {!grpc.web.MethodDescriptor<
+ *   !proto.identity.auth.OutboundKeysForUserRequest,
+ *   !proto.identity.auth.KeyserverKeysResponse>}
+ */
+const methodDescriptor_IdentityClientService_GetKeyserverKeys = new grpc.web.MethodDescriptor(
+  '/identity.auth.IdentityClientService/GetKeyserverKeys',
+  grpc.web.MethodType.UNARY,
+  proto.identity.auth.OutboundKeysForUserRequest,
+  proto.identity.auth.KeyserverKeysResponse,
+  /**
+   * @param {!proto.identity.auth.OutboundKeysForUserRequest} request
+   * @return {!Uint8Array}
+   */
+  function(request) {
+    return request.serializeBinary();
+  },
+  proto.identity.auth.KeyserverKeysResponse.deserializeBinary
+);
+
+
+/**
+ * @param {!proto.identity.auth.OutboundKeysForUserRequest} request The
+ *     request proto
+ * @param {?Object<string, string>} metadata User defined
+ *     call metadata
+ * @param {function(?grpc.web.RpcError, ?proto.identity.auth.KeyserverKeysResponse)}
+ *     callback The callback function(error, response)
+ * @return {!grpc.web.ClientReadableStream<!proto.identity.auth.KeyserverKeysResponse>|undefined}
+ *     The XHR Node Readable Stream
+ */
+proto.identity.auth.IdentityClientServiceClient.prototype.getKeyserverKeys =
+    function(request, metadata, callback) {
+  return this.client_.rpcCall(this.hostname_ +
+      '/identity.auth.IdentityClientService/GetKeyserverKeys',
+      request,
+      metadata || {},
+      methodDescriptor_IdentityClientService_GetKeyserverKeys,
+      callback);
+};
+
+
+/**
+ * @param {!proto.identity.auth.OutboundKeysForUserRequest} request The
+ *     request proto
+ * @param {?Object<string, string>=} metadata User defined
+ *     call metadata
+ * @return {!Promise<!proto.identity.auth.KeyserverKeysResponse>}
+ *     Promise that resolves to the response
+ */
+proto.identity.auth.IdentityClientServicePromiseClient.prototype.getKeyserverKeys =
+    function(request, metadata) {
+  return this.client_.unaryCall(this.hostname_ +
+      '/identity.auth.IdentityClientService/GetKeyserverKeys',
+      request,
+      metadata || {},
+      methodDescriptor_IdentityClientService_GetKeyserverKeys);
+};
+
+
 /**
  * @const
  * @type {!grpc.web.MethodDescriptor<
@@ -566,67 +627,6 @@
 };
 
 
-/**
- * @const
- * @type {!grpc.web.MethodDescriptor<
- *   !proto.identity.auth.OutboundKeysForUserRequest,
- *   !proto.identity.auth.KeyserverKeysResponse>}
- */
-const methodDescriptor_IdentityClientService_GetKeyserverKeys = new grpc.web.MethodDescriptor(
-  '/identity.auth.IdentityClientService/GetKeyserverKeys',
-  grpc.web.MethodType.UNARY,
-  proto.identity.auth.OutboundKeysForUserRequest,
-  proto.identity.auth.KeyserverKeysResponse,
-  /**
-   * @param {!proto.identity.auth.OutboundKeysForUserRequest} request
-   * @return {!Uint8Array}
-   */
-  function(request) {
-    return request.serializeBinary();
-  },
-  proto.identity.auth.KeyserverKeysResponse.deserializeBinary
-);
-
-
-/**
- * @param {!proto.identity.auth.OutboundKeysForUserRequest} request The
- *     request proto
- * @param {?Object<string, string>} metadata User defined
- *     call metadata
- * @param {function(?grpc.web.RpcError, ?proto.identity.auth.KeyserverKeysResponse)}
- *     callback The callback function(error, response)
- * @return {!grpc.web.ClientReadableStream<!proto.identity.auth.KeyserverKeysResponse>|undefined}
- *     The XHR Node Readable Stream
- */
-proto.identity.auth.IdentityClientServiceClient.prototype.getKeyserverKeys =
-    function(request, metadata, callback) {
-  return this.client_.rpcCall(this.hostname_ +
-      '/identity.auth.IdentityClientService/GetKeyserverKeys',
-      request,
-      metadata || {},
-      methodDescriptor_IdentityClientService_GetKeyserverKeys,
-      callback);
-};
-
-
-/**
- * @param {!proto.identity.auth.OutboundKeysForUserRequest} request The
- *     request proto
- * @param {?Object<string, string>=} metadata User defined
- *     call metadata
- * @return {!Promise<!proto.identity.auth.KeyserverKeysResponse>}
- *     Promise that resolves to the response
- */
-proto.identity.auth.IdentityClientServicePromiseClient.prototype.getKeyserverKeys =
-    function(request, metadata) {
-  return this.client_.unaryCall(this.hostname_ +
-      '/identity.auth.IdentityClientService/GetKeyserverKeys',
-      request,
-      metadata || {},
-      methodDescriptor_IdentityClientService_GetKeyserverKeys);
-};
-
-
 /**
  * @const
  * @type {!grpc.web.MethodDescriptor<
diff --git a/web/protobufs/identity-auth-client.cjs.flow b/web/protobufs/identity-auth-client.cjs.flow
--- a/web/protobufs/identity-auth-client.cjs.flow
+++ b/web/protobufs/identity-auth-client.cjs.flow
@@ -39,6 +39,13 @@
                response: identityAuthStructs.InboundKeysForUserResponse) => void
   ): grpcWeb.ClientReadableStream<identityAuthStructs.InboundKeysForUserResponse>;
 
+  getKeyserverKeys(
+    request: identityAuthStructs.OutboundKeysForUserRequest,
+    metadata: grpcWeb.Metadata | void,
+    callback: (err: grpcWeb.RpcError,
+               response: identityAuthStructs.KeyserverKeysResponse) => void
+  ): grpcWeb.ClientReadableStream<identityAuthStructs.KeyserverKeysResponse>;
+
   updateUserPasswordStart(
     request: identityAuthStructs.UpdateUserPasswordStartRequest,
     metadata: grpcWeb.Metadata | void,
@@ -67,13 +74,6 @@
                response: identityStructs.Empty) => void
   ): grpcWeb.ClientReadableStream<identityStructs.Empty>;
 
-  getKeyserverKeys(
-    request: identityAuthStructs.OutboundKeysForUserRequest,
-    metadata: grpcWeb.Metadata | void,
-    callback: (err: grpcWeb.RpcError,
-               response: identityAuthStructs.KeyserverKeysResponse) => void
-  ): grpcWeb.ClientReadableStream<identityAuthStructs.KeyserverKeysResponse>;
-
   getDeviceListForUser(
     request: identityAuthStructs.GetDeviceListRequest,
     metadata: grpcWeb.Metadata | void,
@@ -135,6 +135,11 @@
     metadata?: grpcWeb.Metadata
   ): Promise<identityAuthStructs.InboundKeysForUserResponse>;
 
+  getKeyserverKeys(
+    request: identityAuthStructs.OutboundKeysForUserRequest,
+    metadata?: grpcWeb.Metadata
+  ): Promise<identityAuthStructs.KeyserverKeysResponse>;
+
   updateUserPasswordStart(
     request: identityAuthStructs.UpdateUserPasswordStartRequest,
     metadata?: grpcWeb.Metadata
@@ -155,11 +160,6 @@
     metadata?: grpcWeb.Metadata
   ): Promise<identityStructs.Empty>;
 
-  getKeyserverKeys(
-    request: identityAuthStructs.OutboundKeysForUserRequest,
-    metadata?: grpcWeb.Metadata
-  ): Promise<identityAuthStructs.KeyserverKeysResponse>;
-
   getDeviceListForUser(
     request: identityAuthStructs.GetDeviceListRequest,
     metadata?: grpcWeb.Metadata
diff --git a/web/protobufs/identity-unauth.cjs b/web/protobufs/identity-unauth.cjs
--- a/web/protobufs/identity-unauth.cjs
+++ b/web/protobufs/identity-unauth.cjs
@@ -625,67 +625,6 @@
 };
 
 
-/**
- * @const
- * @type {!grpc.web.MethodDescriptor<
- *   !proto.identity.unauth.Empty,
- *   !proto.identity.unauth.GenerateNonceResponse>}
- */
-const methodDescriptor_IdentityClientService_GenerateNonce = new grpc.web.MethodDescriptor(
-  '/identity.unauth.IdentityClientService/GenerateNonce',
-  grpc.web.MethodType.UNARY,
-  proto.identity.unauth.Empty,
-  proto.identity.unauth.GenerateNonceResponse,
-  /**
-   * @param {!proto.identity.unauth.Empty} request
-   * @return {!Uint8Array}
-   */
-  function(request) {
-    return request.serializeBinary();
-  },
-  proto.identity.unauth.GenerateNonceResponse.deserializeBinary
-);
-
-
-/**
- * @param {!proto.identity.unauth.Empty} request The
- *     request proto
- * @param {?Object<string, string>} metadata User defined
- *     call metadata
- * @param {function(?grpc.web.RpcError, ?proto.identity.unauth.GenerateNonceResponse)}
- *     callback The callback function(error, response)
- * @return {!grpc.web.ClientReadableStream<!proto.identity.unauth.GenerateNonceResponse>|undefined}
- *     The XHR Node Readable Stream
- */
-proto.identity.unauth.IdentityClientServiceClient.prototype.generateNonce =
-    function(request, metadata, callback) {
-  return this.client_.rpcCall(this.hostname_ +
-      '/identity.unauth.IdentityClientService/GenerateNonce',
-      request,
-      metadata || {},
-      methodDescriptor_IdentityClientService_GenerateNonce,
-      callback);
-};
-
-
-/**
- * @param {!proto.identity.unauth.Empty} request The
- *     request proto
- * @param {?Object<string, string>=} metadata User defined
- *     call metadata
- * @return {!Promise<!proto.identity.unauth.GenerateNonceResponse>}
- *     Promise that resolves to the response
- */
-proto.identity.unauth.IdentityClientServicePromiseClient.prototype.generateNonce =
-    function(request, metadata) {
-  return this.client_.unaryCall(this.hostname_ +
-      '/identity.unauth.IdentityClientService/GenerateNonce',
-      request,
-      metadata || {},
-      methodDescriptor_IdentityClientService_GenerateNonce);
-};
-
-
 /**
  * @const
  * @type {!grpc.web.MethodDescriptor<
@@ -991,6 +930,67 @@
 };
 
 
+/**
+ * @const
+ * @type {!grpc.web.MethodDescriptor<
+ *   !proto.identity.unauth.Empty,
+ *   !proto.identity.unauth.GenerateNonceResponse>}
+ */
+const methodDescriptor_IdentityClientService_GenerateNonce = new grpc.web.MethodDescriptor(
+  '/identity.unauth.IdentityClientService/GenerateNonce',
+  grpc.web.MethodType.UNARY,
+  proto.identity.unauth.Empty,
+  proto.identity.unauth.GenerateNonceResponse,
+  /**
+   * @param {!proto.identity.unauth.Empty} request
+   * @return {!Uint8Array}
+   */
+  function(request) {
+    return request.serializeBinary();
+  },
+  proto.identity.unauth.GenerateNonceResponse.deserializeBinary
+);
+
+
+/**
+ * @param {!proto.identity.unauth.Empty} request The
+ *     request proto
+ * @param {?Object<string, string>} metadata User defined
+ *     call metadata
+ * @param {function(?grpc.web.RpcError, ?proto.identity.unauth.GenerateNonceResponse)}
+ *     callback The callback function(error, response)
+ * @return {!grpc.web.ClientReadableStream<!proto.identity.unauth.GenerateNonceResponse>|undefined}
+ *     The XHR Node Readable Stream
+ */
+proto.identity.unauth.IdentityClientServiceClient.prototype.generateNonce =
+    function(request, metadata, callback) {
+  return this.client_.rpcCall(this.hostname_ +
+      '/identity.unauth.IdentityClientService/GenerateNonce',
+      request,
+      metadata || {},
+      methodDescriptor_IdentityClientService_GenerateNonce,
+      callback);
+};
+
+
+/**
+ * @param {!proto.identity.unauth.Empty} request The
+ *     request proto
+ * @param {?Object<string, string>=} metadata User defined
+ *     call metadata
+ * @return {!Promise<!proto.identity.unauth.GenerateNonceResponse>}
+ *     Promise that resolves to the response
+ */
+proto.identity.unauth.IdentityClientServicePromiseClient.prototype.generateNonce =
+    function(request, metadata) {
+  return this.client_.unaryCall(this.hostname_ +
+      '/identity.unauth.IdentityClientService/GenerateNonce',
+      request,
+      metadata || {},
+      methodDescriptor_IdentityClientService_GenerateNonce);
+};
+
+
 /**
  * @const
  * @type {!grpc.web.MethodDescriptor<
diff --git a/web/protobufs/identity-unauth.cjs.flow b/web/protobufs/identity-unauth.cjs.flow
--- a/web/protobufs/identity-unauth.cjs.flow
+++ b/web/protobufs/identity-unauth.cjs.flow
@@ -72,13 +72,6 @@
                response: identityStructs.AuthResponse) => void
   ): grpcWeb.ClientReadableStream<identityStructs.AuthResponse>;
 
-  generateNonce(
-    request: identityStructs.Empty,
-    metadata: grpcWeb.Metadata | void,
-    callback: (err: grpcWeb.RpcError,
-               response: identityStructs.GenerateNonceResponse) => void
-  ): grpcWeb.ClientReadableStream<identityStructs.GenerateNonceResponse>;
-
   verifyUserAccessToken(
     request: identityStructs.VerifyUserAccessTokenRequest,
     metadata: grpcWeb.Metadata | void,
@@ -114,6 +107,13 @@
                response: identityStructs.FindUserIDResponse) => void
   ): grpcWeb.ClientReadableStream<identityStructs.FindUserIDResponse>;
 
+  generateNonce(
+    request: identityStructs.Empty,
+    metadata: grpcWeb.Metadata | void,
+    callback: (err: grpcWeb.RpcError,
+               response: identityStructs.GenerateNonceResponse) => void
+  ): grpcWeb.ClientReadableStream<identityStructs.GenerateNonceResponse>;
+
   getFarcasterUsers(
     request: identityStructs.GetFarcasterUsersRequest,
     metadata: grpcWeb.Metadata | void,
@@ -172,11 +172,6 @@
     metadata?: grpcWeb.Metadata
   ): Promise<identityStructs.AuthResponse>;
 
-  generateNonce(
-    request: identityStructs.Empty,
-    metadata?: grpcWeb.Metadata
-  ): Promise<identityStructs.GenerateNonceResponse>;
-
   verifyUserAccessToken(
     request: identityStructs.VerifyUserAccessTokenRequest,
     metadata?: grpcWeb.Metadata
@@ -202,6 +197,11 @@
     metadata?: grpcWeb.Metadata
   ): Promise<identityStructs.FindUserIDResponse>;
 
+  generateNonce(
+    request: identityStructs.Empty,
+    metadata?: grpcWeb.Metadata
+  ): Promise<identityStructs.GenerateNonceResponse>;
+
   getFarcasterUsers(
     request: identityStructs.GetFarcasterUsersRequest,
     metadata?: grpcWeb.Metadata