Description / Use Case
Integrate PGP public keys into Gravatar profiles to enable cryptographic identity verification. This would allow users to prove ownership of their profile, enhancing trust and preventing impersonation. It would also turn Gravatar into a massive, easily searchable directory for PGP public keys, facilitating secure communication, much like Keyoxide.
Proposed Solution
- Add Key: Users add their PGP public key to their Gravatar profile.
- Verify Ownership: Gravatar provides a unique text string for the user to sign with their corresponding private key.
- Confirm Signature: The user submits the generated signature, which Gravatar's backend verifies.
- Display Proof: Upon successful verification, the profile displays a "verified" badge, the key fingerprint, and a link to the public key, with this data also available via the Gravatar API.
Alternatives
The main alternative is using separate services like Keyoxide. However, Gravatar's widespread integration offers a unique opportunity to bring this functionality to millions of users seamlessly. While protocols like OAuth and OIDC can verify account access, PGP provides a stronger, more portable cryptographic proof of identity.
Additional Information
This feature is inspired by Keyoxide's successful implementation of PGP-based identity proofs. Adopting this model would evolve Gravatar from an avatar service into a fundamental tool for modern, decentralized digital identity.
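A sketch of the challenge lifecycle behind the "Verify Ownership" and "Confirm Signature" steps, added here as an example; it is not part of the issue and not Gravatar code. It covers only the policy checks around the signature. The function names, the challenge wording, the 10-minute lifetime and the in-memory store are assumptions, and the OpenPGP signature itself is assumed to have been verified by a separate library that reports the signed text and the signer's fingerprint.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 600  # seconds a challenge stays valid (assumed value)
_pending = {}        # account -> (text, fingerprint, expiry); in-memory for the example


def normalize_fpr(fpr):
    """Strip spaces and an optional 0x prefix; upper-case the hex fingerprint."""
    fpr = fpr.replace(" ", "").upper()
    return fpr[2:] if fpr.startswith("0X") else fpr


def issue_challenge(account, fingerprint, now=None):
    """Create the unique text the user must sign with the key's private half."""
    now = time.time() if now is None else now
    fpr = normalize_fpr(fingerprint)
    if len(fpr) not in (40, 64) or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("expected a 40- or 64-hex-digit OpenPGP fingerprint")
    expiry = int(now) + CHALLENGE_TTL
    # The text names the account and the key, so a signature made for one
    # profile cannot be replayed against another profile or another key.
    text = (f"[Verifying my OpenPGP key for profile {account}]\n"
            f"fingerprint: {fpr}\nnonce: {secrets.token_hex(16)}\nexpires: {expiry}")
    _pending[account] = (text, fpr, expiry)
    return text


def confirm_proof(account, signed_text, signer_fingerprint, now=None):
    """Policy checks applied AFTER an OpenPGP library has verified the signature.

    signed_text and signer_fingerprint are what that verifier reported for a
    cryptographically valid signature (assumed interface).
    """
    now = time.time() if now is None else now
    entry = _pending.pop(account, None)  # single use: consumed on any attempt
    if entry is None:
        return False
    text, fpr, expiry = entry
    if now > expiry:
        return False
    signer = normalize_fpr(signer_fingerprint).encode()
    if not hmac.compare_digest(signer, fpr.encode()):
        return False  # valid signature, but made by some other key
    return hmac.compare_digest(signed_text.encode(), text.encode())
```

The challenge lines carry no trailing whitespace, so the exact-match comparison is not affected by the whitespace canonicalization that cleartext signing applies.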