Just verifying their PGP public key doesn't prove they're infact still the same person, a signed PGP message would.