That’s exactly my point. The gold standard would be a key signing party, but given that humans don’t tend to talk to each other in meat space much these days, it’s more of a rare occurrence than it used to be. I don’t really know what the ideal solution would be that would be a good mix of trust, privacy, and ease of use though.
I am probably at a similar experience level to OP and have wondered the following: is there a commonly used, or agreed upon repository for identity verification with PGP or similar? It would be a useful thing to use, the problem is that if you’re posting something to a public space, not everyone may have access to your public key for verification. Including the key in the message doesn’t seem like it would help much, since someone else could just generate two new keys and still claim to be you without any affiliation. Am I wrong about this? Thanks.