@marcelias I wonder whether something that already exists could be leveraged? I loaded my public PGP/GPG key onto a public HockeyPuck server (HKP://). The key is trusted by peers. I wonder if we couldn't just link to that.

It's already used for software code signing, encryption etc.. to verify authenticity, right?