-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Last Update: 2022-06-15 This is a signed summary of relevant cryptographic information. This document may be used in conjuction with a verified copy of my public key to establish trusted communications through other channels. # PGP Fingerprint 5249 2412 A119 0FC0 87EA 0F1D 70B2 20FF 8D2A CF29 # OTR Fingerprints xmpp: peter@havenaut.net/nous 05D7ECB2 B4B4EB39 D0F13CD6 BBF391BF C9ADE759 # SSH Public Key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDotO5erTRlNWn5fcHjskFdwxDDEaJ3Q/vXfWMK6kpefLA6K3G1r/TH57lDsXpNIuUwt/61JCu7ShWLqrmBeVkhnPj8eBjRLg6UtFumXXDRCCHHLjd8nyZqyVHHNd0ygSwC26F+o5s87W2tkZLZjqvym69xLHlIpE2vxndE/Bk/idBm9ZyWBVANJvEs7CTOpxb+G8C08o6IfcpIP+Qf7P/4ydgNWDWAKWJHbJ+rfzkdsRenfcuN3WVa47jzItM3K0ZL6C7FB6F1FS3uTG9ahGBOltzfx6WKlnuOKwzLmNl7SE6I2otMGQv7O7dw4/qWIE8BWHcb6QBtNvwGY29mJ0nX # PGP Key Signing I will sign other keys according to the following policy. ## Casual (Level 2) I have performed a casual check of the person and key, generally meaning that: * I personally know the subject of the key by the UID, and have for some time; * I can readily and reliably recognize them; and * I verified their key fingerprint through an out-of-band channel, which might include voice or video chat. ## Extensive (Level 3) I have performed an extensive check of the person and key, generally meaning that: * I physically met the person, not by voice or video chat; * they presented me with difficult to forge evidence of their identity; * I verified their key fingerprint at that time; and * I verified that the email address of the UID belongs to the person. ## Notes: * I do not have a specific metric for how long I have to know someone before being willing to certify their key based solely on our relationship. I use my judgement and discretion. * I do not require that the UIDs I certify are someone's birth name, or the name on their government documents. I will certify a persistent pseudonym if that is the name someone goes by. * "[D]ifficult to forge evidence of... identity" often means government issued photo identification which I find convincing. It may also mean a personal attestation from someone who I know well and consider trustworthy. # PGP Key Management My private key was generated offline on an air-gapped computer. All key signing occurs on an offline, air-gapped computer. The key and computer are stored securely in a tamper-evident manner. Signing and encryption subkeys for regular use are stored on a YubiKey NEO. -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEGLwQ6rSLzd+OimjcVOmYrGGLwTcFAmKqr7IACgkQVOmYrGGL wTc9zwf7Be8f47u4fdKeS3+wYKRHMSeXGVNfb9DXd1BRIaI+N7HYYHp7QfDk5Jp9 80l45YrKAxCEq+5FpoZ/ulOvMPm+sqRUeGHr33YQ0nNwpiWX2vBFg/aSqXn8GMmZ Uj9h+V8dzN/rrwGBJMmG41pJCZ4YTbFWfnldccrymNf/evIeh0kATH1GVCgQ8meX ha3feNTjrMEhRAOYTcmEBWNx1gJaN35LObFVQthdb6CbfE3kH9GLLpXddqY7UJdl ukxlnHdIdZgSHdm/70aJzRBnOF8zeH/oSN84lMiw3xQskpciYTkzM4xdTL+PbgSs C0tqshZ7DL3D1jSC0lsq/XxOr1pD8Q== =UPrk -----END PGP SIGNATURE-----