From @JustinDrake on Tue Jan 17 2017 15:46:06 GMT+0000 (UTC)
IPFS clients publish their public key on the DHT. Those records are not signed. Why not?
My guess: the validity of the public key can be checked by hashing it and comparing it to the peer ID. No signature required.
Copied from original issue: https://github.com/ipfs/faq/issues/220