I don’t get how that makes a third party (that does know the peer id) able verify that the one who added the link is the same one that added the original <cid>?
Also, what does PID have to do with this? PID is process identifier. I’m either missing something or it’s unrelated.
Could you give a complete example of your discovery, that might be more clear.