<rsbecker@xxxxxxxxxxxxx> writes: > Could we not use SSH's ssh-keygen -V for this purpose when establishing > persistent identities independent of user/email? We already do this for > signed commits. Fingerprint of cryptographic key would be easy to use as an identity, for which the person who claims ownership can easily produce proof of ownership. Various other "identitying strings" like human readable name and e-mail addresses from different validity periods can be all tied to such an identity. Taking key revocation into account, keys from different validity period may have to be tied together in a same way. "The person who used to sign the commits with key A and the person who signs the commits with key B are the same, and in real life, they are known as A. U. Thor" But proving that such a mapping is in a meaningful way is much harder, I would imagine, but perhaps addresses and human readable names do not matter as much. Or continuity of identity, for that matter. I dunno.
