My friend Terence Eden is knowledgeable (and blogs wittily and accessibly) about IT security issues. He’s also a vociferous advocate of PGP, a computer program for the encryption and decryption of data and communications. At my suggestion, he just registered for an ORCID iD (it’s 0000-0002-9265-9069), and the first thing he did was to include a link to his PGP Public key in his ORCID profile.
That’s the first time I’ve seen this done.
Perhaps more people should include links to public keys in their ORCID profiles? Maybe ORCID could consider a separate parameter for this (or is the “websites” section of the profile adequate)? What do you think?
But whatever you do, when you link to your PGP public key from your ORCID profile, don’t use Bit.ly!
Note: I’m Wikipedian in Residence at ORCID. An ORCID (Open Researcher and Contributor ID) identifier is a nonproprietary alphanumeric code to uniquely identify scientific and other academic authors and content contributors — like an ISBN, but for people.
It’s a tricky question you pose. Generally speaking, it is probably a good idea to let people link to a site which contains their PGP key. A site like https://Keybase.io/ allows a user to more easily verify that the key is correct than just seeing it embedded on the ORCID site.
In addition, does ORCID have the rigorous security needed to prevent a malicious entity from changing a user’s key?
I think having a “websites” link is the best way to do it – otherwise ORCID runs the risk of constantly adding and deleting site categories. Would you be asking if ORCID should have a dedicated MySpace link, for example?
Thanks Terence; I wasn’t clear – I was thinking of a specific “Public Key link” parameter, not a parameter to hold the key itself.