The payload can be base64decoded without use of the public key, but you're right to criticize the location of the public key in the signed assertion. My proposed solution, which I hope to address after finishing up a phase of work redrafting the Recipient class is to make the publicKey a property of the Issuer Profile, not the Assertion. You've uncovered one of the obvious weaknesses with linking in the Assertion. What do you think of this modification?
There was an initial assumption dating from the first release of the signed badges spec, that each issuer would be an organization with their own domain name and their own badging application running on that domain. That has proven to be very far off the mark, and with the next release of the spec, it's a great time to fix it. The goal is by the end of the year to have the foundations of a distributed web of trust where we can trust which @ids correspond to issuers known to us, and what their public keys are. Build the foundation for issuers who are broadly trusted to rise above newcomers by amassing large numbers of endorsements.
Nate Otto
Director of Technology, Badge Alliance