If I am understanding correctly, dream mirrors should be able to be verified by confirming that the 'verifySafeHaven' message was signed by the key in the superlist. That's correct right?
There are other keys floating around on other subreddits, but there is no way to verify that its not just a key created for phishing.
So if I'm not doing something wrong, maybe this will serve as a heads up to someone.
unfortunately not. the key which is used to sign the /verifySafeHeaven messages just magically popped up on dream and never got signed by the original dream key.
I understand if a different key than the one from the admin gets used to automatically sign mirrors, but at least that key should be signed with the original admin key once.
so it could be that dream got taken over but law enforcement never got control of the admin pgp key. so they just introduced a new pgp key without signing it and never produce a other signed message with the original key [because they can not] and not a single user complained.