tech.lgbt is one of the many independent Mastodon servers you can use to participate in the fediverse.
We welcome all marginalized identities. This Mastodon instance is generally for folks who are LGBTQIA+ and Allies with an interest in tech work, academics, or technology in general.

warning: long post ahead; probably screenreader unfriendly

i wonder would it be possible to add some sort of "identity servers" to fedi so that, let's say i'm @lina@lina.moe even tho i'm using a mastodon instance hosted elsewhere

could see that as a hierarchy? of keypairs
let's say i use tech.lgbt as my mastodon server, meaning it has generated a keypair, perhaps `tech.lgbt/@lina@lina.moe#mainkey`
identity server would then sign the public key, so the Actor object would have this?
```
{
  // ...
  "identity": "lina.moe/lina",
  "publicKeyPem": {
    "id": "tech.lgbt/@lina@lina.moe#mainkey",
    "publicKeyPem": "...",
    "signature": "..."
  }
}
```
and the identity server would be able to verify the signature to say "yes that's lina" or "no she's being impersonated"

please boost so that i get feedback on how weird and impossible this idea is and maybe if someone has actually implemented smth similar before 🥺
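
An added example, not part of the original post or of any fediverse project's code: a sketch of the endorsement check the post describes, using the field names from its Actor object. It assumes RSA keys with SHA-256 and that the signature covers identity, key id and PEM together; `signing_input`, `endorse`, `endorsed?`, `build_actor` and the `other.example` host are hypothetical.

```ruby
require "openssl"
require "json"
require "base64"

# Bytes the identity server signs. Covering identity, key id and PEM together
# is an assumption (the post only says the public key gets signed); it keeps a
# signature from being reused for a different key id or identity.
def signing_input(identity, key_id, pem)
  JSON.generate([identity, key_id, pem])
end

# Identity-server side: endorse one instance-generated key (hypothetical helper).
def endorse(identity_key, identity, key_id, pem)
  digest = OpenSSL::Digest.new("SHA256")
  Base64.strict_encode64(identity_key.sign(digest, signing_input(identity, key_id, pem)))
end

# Receiving side: does the Actor's key carry a valid endorsement?
# How the identity server's public key is fetched and trusted is out of scope.
def endorsed?(actor, identity_pub_pem)
  key = actor["publicKeyPem"]
  return false unless key.is_a?(Hash) && key["signature"].is_a?(String)
  pub = OpenSSL::PKey::RSA.new(identity_pub_pem)
  sig = Base64.strict_decode64(key["signature"])
  input = signing_input(actor["identity"], key["id"], key["publicKeyPem"])
  pub.verify(OpenSSL::Digest.new("SHA256"), sig, input)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false
end

def build_actor(identity, key_id, pem, signature)
  { "identity" => identity,
    "publicKeyPem" => { "id" => key_id, "publicKeyPem" => pem, "signature" => signature } }
end

# Constructed demo data: fresh RSA keys, names taken from the post.
IDENTITY_KEY = OpenSSL::PKey::RSA.new(2048) # held by the identity server
IDENTITY_PUB = IDENTITY_KEY.public_key.to_pem
KEY_ID       = "tech.lgbt/@lina@lina.moe#mainkey"
INSTANCE_PEM = OpenSSL::PKey::RSA.new(2048).public_key.to_pem # hosting instance's key
SIGNATURE    = endorse(IDENTITY_KEY, "lina.moe/lina", KEY_ID, INSTANCE_PEM)

GENUINE = build_actor("lina.moe/lina", KEY_ID, INSTANCE_PEM, SIGNATURE)
# Same identity and signature, but a key the identity server never endorsed.
COPIED = build_actor("lina.moe/lina", "other.example/@lina@lina.moe#mainkey",
                     OpenSSL::PKey::RSA.new(2048).public_key.to_pem, SIGNATURE)
puts "genuine: #{endorsed?(GENUINE, IDENTITY_PUB)}"
puts "copied signature: #{endorsed?(COPIED, IDENTITY_PUB)}"
```

A receiving server can run this check offline once it holds the identity server's public key, so the identity server does not need to be contacted for every Actor fetch.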

@lina in theory, I think it would be possible to distribute an actor (user) private key to multiple servers. Then any of those instances could publish content on behalf of that user. That same key could be used as part of an authenticated remote fetch to allow any instance to see the user's private notes and DMs. But trying to do that securely... :blobfoxscared:

@lina How identity is handled in fedi is one of my main pet-peeves about it. I would love to see a key-based distributed identity framework like this!

@lina You can already do a lightweight version of this via WebFinger. You can have a WebFinger file or server in domain A respond to a lookup and provide a Mastodon account somewhere else 🤷🏻‍♂️

@fshr hm, that makes me wonder, what would happen if my webfinger link would have multiple "rel": "self" entries...

@lina Assuming the protocol supports it (not checked) I would assume it would pick the first valid entry listed (again not checked, but could look in the server code)