They should sign an ethereum address to reduce ambiguity
(Any crypto asset address is fine, even PGP is good enough for this but PGP had 25 years to make that user friendly and common but failed, and cryptocurrencies made signing software more prevalent and uniform wayyyyy faster)
However, there's still some very good programs with good UX making use of PGP (for example delta.chat), and to this day no cryptomoney scam wallet has ever been as useful as PGP has over the years.
More generally, there’s broad consensus in the cryptographic community that PGP’s intended uses and design are fundamentally flawed/mismatched against modern actual uses.
Don’t get me wrong! Cryptocurrency is filled with shysters and I don’t use any of them. But we should probably be encouraging users to stop treating PGP over email as if it does anything and instead encourage them to switch to E2EE systems (since that’s what the majority actually want.)
this algorithm has failed to proliferate outside of thin security conscious niches for an entire generation of internet users, and has been leapfrogged.
It really isn't. It uses CFB and does not have a MAC, while the format is overly complicated for no reason.
Remember when satellite.earth "pioneered" this idea for their platform? (not ragging on them but some of the content posted on there were insightful and unique)
You can literally generate any public key / address hash that conforms with a blockchain and sign it and anyone can verify that you therefore control it
This has zero crypto assets involved and has no trail of assets so what are you talking about? If anyone sends funds to the address hash the owners can just tornado.cash it and withdraw it somewhere else with an instruction sent over the relay with no prior link to the funds or address. Its perfect right now. But what do you perceive?
^I'm responding to this
I am still openly questioning the nature of blockchain and open ledgers: trivial associations with transaction activity and address history can be had or via more complex analysis with clustering, modeling, etc (ie: Chainalysis). I used to think that a simple signature confirmation claiming "this is my email address" would be okay for solicited communications but what would happen if the channel used becomes adversarial?
Apologies but I'm failing at framing my own argument here as I'm confusing the intersection and implications of the current "NFT art" craze that's been happening. For example, some Tezos-based art projects are in reality minting your signature on the blockchain with an asset they host on an external source, eg: ipfs. You own the signature but do you really want to publicly "own" something controversial and perhaps illegal within your country's jurisdiction?
Signing an address has nothing to do with linkability or transaction history, or even blockchains, as this is not a transaction and requires no funds. It requires having generated the private key, client side. Signing proves you control the private key, public key and address hash. A signature allows other people to verify that you in fact do have control of that address. When looking at the address on a blockchain, it can be empty, no funds, and simply relegated to being a unique identifier for the person that signed the address.
Okay, so let's assume this is confusing because it conflicts with something else you thought you experienced regarding blockchains. Well just erase all that from your mind, and read on:
Blockchains use a namespace of address hashes. Private keys to generate those address hashes are only generated client side by the user, and there is enough randomness and entropy for no other user to generate the same private key, public key and address hash. But within the namespace, all public keys and address hashes already exist. I think this is the fundamentally different paradigm than account numbers like at a bank. At banks, for example, accounts numbers are incremental. ie. When an account is created new row is added to the account database it has an ID that goes up by one, and all the attributes of the account did not exist until the point in time that the server was instructed to create the account. In blockchains using a designated cryptographic namespace, all accounts therefore already exist and access must be generated client side by the user. The namespace is extremely large, which allows for assurances that nobody generates the same private keys, public keys and address hash. The other countintuitive thing to understand is that these accounts don't exist "on" the blockchain until someone sends funds to them. An empty address means it has never been seen on the blockchain, as this record only occurs after a digital asset or message references them in a prior transaction. GUI's for browsing blockchains smooth this over by letting you look at empty addresses simply by nature of them complying with the namespace, but an address that has never previously received funds or any other message is not in the blockchain at all, yet. The reason this is important is because if you have the private key to that address, you can still convey that you have control of that address via signing and there is no prior link to any other address or funds. There is no linkability or privacy issue. Signing just lets you have a unique identifier.
Using all that, to go back to what I said earlier, cryptocurrency wallets just makes public and private key cryptography so prevalent that signing is also more prevalent and available. Whereas PGP and GPG Suites had 25 years to do so and have not been successful outside of much much much smaller niches, that have not seem to have grown at all and the user experience arguably has gotten worse.
What you mentioned about NFT art signatures is a different topic. Address signing is about offchain signatures. All transactions and onchain metadata are onchain signatures.
Cryptocurrency address signing and wallets inherit the whole feature set so might as well run with that