I’m not sure why you seem to be getting wrapped around the axle here. There is zero need for a ‘key establishment’ message here. The platform has zero need to, or reason to even be aware of the existence of these keys. All it needs frankly, besides a simple WORM style ‘post that has a timestamp’ (with encoded signature + one time use pubkey embedded of course, which can be done compactly and in Base64). The only ‘trust’ of the platform required would be that they aren’t tampering with timestamps or arbitrarily changing contents - and even then, the actual impact is quite limited correct? Since it would detect tampering of message contents, and timestamp changes are of dubious impact in most of these scenarios. At most someone could post the same thing as you (or similar) but under a different key - which no one could prove was you and would be anonymous. If there was someone you wanted to be able to verify it was from you, you could easily do so while remaining anonymous to everyone else. Usenet, HN, IRC, Twitter/X, or frankly any of a number of basic web forums would be fine. Accounts could be disposable, and probably should be too. That’s the whole point. None of this needs, or would really benefit from, specialized infrastructure besides some client-side scripts that could easily just do cut/paste style interactions of messages to/from whatever medium was being used. I’d bet $20 this could even be implemented using GPG with some scripting. Unclear why anyone would care while we have major celebrities bleating out the color of their poop and their latest political crimes for all the world to hear though.
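A sketch of the client-side script the comment above describes, added here as an example and not written by anyone in the thread: a post carries its own signature and one-time public key in a Base64 trailer, so the platform never needs to know keys exist. It uses Node.js's built-in Ed25519 rather than GPG; the trailer format, the function names and the domain tags (which go beyond the comment) are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed trailer format (an assumption, not a standard): "-- sig:<b64url> key:<b64url>"
const TRAILER = /\n-- sig:([A-Za-z0-9_-]+) key:([A-Za-z0-9_-]+)$/;
// Fixed DER header that turns a raw 32-byte Ed25519 key into an SPKI structure.
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');
// Domain tags keep a signature made for one purpose from being replayed as the other.
const tagged = (tag, text) => Buffer.from(`${tag}\0${text}`, 'utf8');

function importKey(keyB64) {
  const raw = Buffer.from(keyB64, 'base64url');
  if (raw.length !== 32) throw new Error('bad key length');
  return crypto.createPublicKey({ key: Buffer.concat([SPKI_PREFIX, raw]), format: 'der', type: 'spki' });
}

// Author side: fresh key per post; the platform only stores the returned text.
function signPost(body) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const key = publicKey.export({ format: 'der', type: 'spki' }).subarray(-32).toString('base64url');
  const sig = crypto.sign(null, tagged('post', body), privateKey).toString('base64url');
  return { post: `${body}\n-- sig:${sig} key:${key}`, privateKey };
}

// Reader side: needs nothing but the post text as copied from the platform.
function verifyPost(post) {
  const m = TRAILER.exec(post);
  if (!m) return { ok: false, key: null };
  try {
    const ok = crypto.verify(null, tagged('post', post.slice(0, m.index)), importKey(m[2]),
                             Buffer.from(m[1], 'base64url'));
    return { ok, key: ok ? m[2] : null };
  } catch { return { ok: false, key: null }; }
}

// Author privately proves authorship by signing a verifier-chosen challenge with the kept key.
function proveAuthorship(privateKey, challenge) {
  return crypto.sign(null, tagged('proof', challenge), privateKey).toString('base64url');
}

function checkAuthorship(post, challenge, proof) {
  const v = verifyPost(post);
  if (!v.ok) return false;
  return crypto.verify(null, tagged('proof', challenge), importKey(v.key), Buffer.from(proof, 'base64url'));
}
```

Verification only succeeds if the medium returns the post byte-for-byte, so a platform that rewrites whitespace or quotes would need a canonicalization step before signing.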
The only benefit I see of publishing a public key there is giving other readers an out-of-band way to privately communicate with you, or yourself a way to establish continuity of your pseudonymous identity on other platforms. You'd never use it to sign anything you post on that platform itself, though, as that wouldn't serve any purpose.
If that's what you mean, I think I agree :)