@ben sure you can! i've signed things like that for my fediverse accounts, since keybase doesn't know about them
but again i think rel="me" verification is better? o:
* it's more discoverable - the link is necessarily right there on your profile
* tools for automatic verification can be super simple - i currently use https://github.com/indieweb/verify-me , which currently does trust the https://indiewebify.me service to work, but it'd be super simple to write a zero-trust version?
* masto actually already supports it, which is why i have a nice green tick on my masto profile at the moment
it's theoretically less secure, since it doesn't involve private-key-signed messages, but if the two sites involved have proper tls it's at least as practically secure as the "get my pgp key from my site here in order to verify these proofs please" approach