People always talk about webs of trust and so on, but actually, that's not what really matters.
What you want to prove is that the same person who controls these:
https://kaniini.dereferenced.org/
https://github.com/kaniini
Also controls:
https://pleroma.site/users/kaniini
This proves it's the same person and the UI can reward them with a checkmark.
IndieWeb has the basis of a good solution for this since 2008, called rel=me.
You can read about it at http://microformats.org/wiki/rel-me and then come back to this thread, probably not a half bad idea really.
Here is the gist of how this would work. In various software, you would set a list of links to things that are also you.
So, on pleroma.site, you would link to:
https://kaniini.dereferenced.org/
https://github.com/kaniini
And so on, forming a cyclic graph of rel=me links.
Whether or not an identity node is valid can be determined by following the cyclic graph and seeing if the graph is complete. If it is, then you get the checkmark. If it's not, then you don't.
This, incidentally, is similar in nature to the the concept behind my ActivityPub alsoKnownAs proposal, but there it is just checking AP objects for completeness instead of webpages.
Note that no cryptography or anything else is involved in this, it's just following links around on things known to be controlled.
What you want to prove is that the same person who controls these:
https://kaniini.dereferenced.org/
https://github.com/kaniini
Also controls:
https://pleroma.site/users/kaniini
This proves it's the same person and the UI can reward them with a checkmark.
IndieWeb has the basis of a good solution for this since 2008, called rel=me.
You can read about it at http://microformats.org/wiki/rel-me and then come back to this thread, probably not a half bad idea really.
Here is the gist of how this would work. In various software, you would set a list of links to things that are also you.
So, on pleroma.site, you would link to:
https://kaniini.dereferenced.org/
https://github.com/kaniini
And so on, forming a cyclic graph of rel=me links.
Whether or not an identity node is valid can be determined by following the cyclic graph and seeing if the graph is complete. If it is, then you get the checkmark. If it's not, then you don't.
This, incidentally, is similar in nature to the the concept behind my ActivityPub alsoKnownAs proposal, but there it is just checking AP objects for completeness instead of webpages.
Note that no cryptography or anything else is involved in this, it's just following links around on things known to be controlled.