@ghosttie It's public, so either Bob can send it to Alice, or if it's part of a system like Signal, then the public key is part (maybe hidden/abstracted) of the user profile data.
@ghosttie @dacmot I think you need a second communication channel. And something to corroborate that multiple channels are controlled by the same person. The most surefire way is to meet in person and confirm the keys. I don't think there's a purely technical way to solve this without putting trust into some central authority. It's inherently a social problem.
@ghosttie @dacmot On Mastodon, you can verify websites to your account, but how can you really know it's truly that person and not a well-connected imposter? You can't. But you can be reasonably sure.