It is not enough to just trust a peer's locally stored proofs (this is fine for the POC) - we need to pull down a remote proof JSON doc, validate what HTTPS URL it came from (GitHub, Reddit, etc.) and verify the signature on the fly.
In the client this would be run every time a user examines the 'publicKeyCard' of a peer. I know Keybase does this, as you see the verification icons change state when looking at another user's profile.
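
One way the on-the-fly check described above could look, as an added example that is not this project's code: it ties the fetched document to its HTTPS origin and account before verifying the signature with the peer's known key. The proof document shape (`statement`, `signature`), the Ed25519 key type, the host mapping, and the names `verifyRemoteProof`, `PROOF_HOSTS` and `makeSample` are all assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumed mapping: service name -> the only host its proofs may be served from.
const PROOF_HOSTS = new Map([["github", "gist.githubusercontent.com"]]);

// peer: { service, username, publicKeyPem } taken from the locally stored proof.
// proofUrl: the URL the document was actually fetched from (after redirects).
// body: the raw response text. Returns a status string for the UI icon.
function verifyRemoteProof(peer, proofUrl, body) {
  let url, doc, statement;
  try { url = new URL(proofUrl); } catch { return "bad-url"; }
  if (url.protocol !== "https:" || url.port !== "") return "bad-url";
  if (url.hostname !== PROOF_HOSTS.get(peer.service)) return "wrong-host";
  // First path segment must be the claimed account, or any user's gist would pass.
  const owner = url.pathname.split("/")[1] || "";
  if (owner.toLowerCase() !== peer.username.toLowerCase()) return "wrong-account";
  try {
    doc = JSON.parse(body);
    if (typeof doc.statement !== "string" || typeof doc.signature !== "string") return "bad-json";
    statement = JSON.parse(doc.statement);
  } catch { return "bad-json"; }
  if (statement === null || typeof statement !== "object") return "bad-json";
  // The signed statement itself must name the same service and account.
  if (statement.service !== peer.service ||
      String(statement.username).toLowerCase() !== peer.username.toLowerCase()) return "statement-mismatch";
  try {
    // Ed25519: algorithm is null, signature covers the exact statement bytes.
    const ok = crypto.verify(null, Buffer.from(doc.statement, "utf8"),
      peer.publicKeyPem, Buffer.from(doc.signature, "base64"));
    return ok ? "verified" : "bad-signature";
  } catch { return "bad-signature"; }
}

// Constructed sample: a throwaway key pair and a proof for a made-up account.
function makeSample(username) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const statement = JSON.stringify({ service: "github", username });
  const signature = crypto.sign(null, Buffer.from(statement, "utf8"), privateKey).toString("base64");
  return {
    peer: { service: "github", username, publicKeyPem: publicKey.export({ type: "spki", format: "pem" }) },
    url: `https://gist.githubusercontent.com/${username}/0000/raw/proof.json`,
    body: JSON.stringify({ statement, signature }),
  };
}

const sample = makeSample("alice-example");
console.log(verifyRemoteProof(sample.peer, sample.url, sample.body));
console.log(verifyRemoteProof(sample.peer, sample.url.replace("alice-example", "mallory"), sample.body));
```

The status string can drive the verification icon on the 'publicKeyCard'; the caller is expected to pass the final URL of the HTTPS fetch, not the URL stored locally.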