Yeah, I was being lazy and not parsing the details. Its scummy to pretend to be someone else. That said, we already have a solution for this in PGP signing