@f4grx @nova@hachyderm.wtf "since the public keys are not in signed certificates" -- so that means you know it is the same person (or someone with access to the key), but have no third party attestation who that person is. (DNS is a kind of attestation, as it means "controller of this DNS record", which is what Let's Encrypt is based on).

So, it depends on what you are trying to authenticate? That they are the same person as last time, that they control the domain "northpole.com", or that they really are Santa Claus?