-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Last Update: 2025-07-08

This is a signed summary of relevant cryptographic information. This document
may be used in conjuction with a verified copy of my public key to establish
trusted communications through other channels.


# PGP Fingerprint

5249 2412 A119 0FC0 87EA 0F1D 70B2 20FF 8D2A CF29


# Signal

pigmonkey.82


# Session ID

059fa7134a8c8674d4c14311c5392f3343d401466284a844266737835e7771600c


# SSH Public Key

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDotO5erTRlNWn5fcHjskFdwxDDEaJ3Q/vXfWMK6kpefLA6K3G1r/TH57lDsXpNIuUwt/61JCu7ShWLqrmBeVkhnPj8eBjRLg6UtFumXXDRCCHHLjd8nyZqyVHHNd0ygSwC26F+o5s87W2tkZLZjqvym69xLHlIpE2vxndE/Bk/idBm9ZyWBVANJvEs7CTOpxb+G8C08o6IfcpIP+Qf7P/4ydgNWDWAKWJHbJ+rfzkdsRenfcuN3WVa47jzItM3K0ZL6C7FB6F1FS3uTG9ahGBOltzfx6WKlnuOKwzLmNl7SE6I2otMGQv7O7dw4/qWIE8BWHcb6QBtNvwGY29mJ0nX


# PGP Key Signing

I will sign other keys according to the following policy.

## Casual (Level 2)

I have performed a casual check of the person and key, generally meaning that:

* I personally know the subject of the key by the UID, and have for some time;
* I can readily and reliably recognize them; and
* I verified their key fingerprint through an out-of-band channel, which might
  include voice or video chat.

## Extensive (Level 3)

I have performed an extensive check of the person and key, generally meaning that:

* I physically met the person, not by voice or video chat;
* they presented me with difficult to forge evidence of their identity;
* I verified their key fingerprint at that time; and
* I verified that the email address of the UID belongs to the person.


## Notes:

* I do not have a specific metric for how long I have to know someone before
  being willing to certify their key based solely on our relationship. I use my
  judgement and discretion.
* I do not require that the UIDs I certify are someone's birth name, or the
  name on their government documents. I will certify a persistent pseudonym if
  that is the name someone goes by.
* "[D]ifficult to forge evidence of... identity" often means government issued
  photo identification which I find convincing. It may also mean a personal
  attestation from someone who I know well and consider trustworthy.


# PGP Key Management

My private key was generated offline on an air-gapped computer. All key signing
occurs on an offline, air-gapped computer. The key and computer are stored
securely in a tamper-evident manner. Signing and encryption subkeys for regular
use are stored on a YubiKey NEO.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEGLwQ6rSLzd+OimjcVOmYrGGLwTcFAmht+BkACgkQVOmYrGGL
wTdOSwf8CURnys6DV47D7lfh87nYB1+vvF2vbYfmLAVYaqfVrvBb6Z6Ef5u7MIxB
go5pgFoB4ckVHNmbU7RmG+vc+GDMPIG+wu70NIZZx7bw57gwISGEA4oqFebzgYsT
W6n8pCgRNhKXF/5aX+LL0aS1oaNIjSsTeuMhxlXQ7ZYpHGPDOEa/d9SQap689bgY
XxNZMtxyufznB80YAya5tOtMmiVHh7zwspP6mOKKh7M+qDjEZZUqXcm+BOGrziy9
Fk0Hq9BLlVofiz38Mm1dWuOCpEw+SjTlHA+RV8bAwfM7BohEbQ2o03Y4stvNPaWj
SlicGbpFMD61BqZdS/VfqiH2/FlA0A==
=XThd
-----END PGP SIGNATURE-----