-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Last Update: 2024-06-19 This is a signed summary of relevant cryptographic information. This document may be used in conjuction with a verified copy of my public key to establish trusted communications through other channels. # PGP Fingerprint 5249 2412 A119 0FC0 87EA 0F1D 70B2 20FF 8D2A CF29 # Signal pigmonkey.82 # Session ID 059fa7134a8c8674d4c14311c5392f3343d401466284a844266737835e7771600c # SSH Public Key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDotO5erTRlNWn5fcHjskFdwxDDEaJ3Q/vXfWMK6kpefLA6K3G1r/TH57lDsXpNIuUwt/61JCu7ShWLqrmBeVkhnPj8eBjRLg6UtFumXXDRCCHHLjd8nyZqyVHHNd0ygSwC26F+o5s87W2tkZLZjqvym69xLHlIpE2vxndE/Bk/idBm9ZyWBVANJvEs7CTOpxb+G8C08o6IfcpIP+Qf7P/4ydgNWDWAKWJHbJ+rfzkdsRenfcuN3WVa47jzItM3K0ZL6C7FB6F1FS3uTG9ahGBOltzfx6WKlnuOKwzLmNl7SE6I2otMGQv7O7dw4/qWIE8BWHcb6QBtNvwGY29mJ0nX # PGP Key Signing I will sign other keys according to the following policy. ## Casual (Level 2) I have performed a casual check of the person and key, generally meaning that: * I personally know the subject of the key by the UID, and have for some time; * I can readily and reliably recognize them; and * I verified their key fingerprint through an out-of-band channel, which might include voice or video chat. ## Extensive (Level 3) I have performed an extensive check of the person and key, generally meaning that: * I physically met the person, not by voice or video chat; * they presented me with difficult to forge evidence of their identity; * I verified their key fingerprint at that time; and * I verified that the email address of the UID belongs to the person. ## Notes: * I do not have a specific metric for how long I have to know someone before being willing to certify their key based solely on our relationship. I use my judgement and discretion. * I do not require that the UIDs I certify are someone's birth name, or the name on their government documents. I will certify a persistent pseudonym if that is the name someone goes by. * "[D]ifficult to forge evidence of... identity" often means government issued photo identification which I find convincing. It may also mean a personal attestation from someone who I know well and consider trustworthy. # PGP Key Management My private key was generated offline on an air-gapped computer. All key signing occurs on an offline, air-gapped computer. The key and computer are stored securely in a tamper-evident manner. Signing and encryption subkeys for regular use are stored on a YubiKey NEO. -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEGLwQ6rSLzd+OimjcVOmYrGGLwTcFAmZzj84ACgkQVOmYrGGL wTfdDgf8DWEw1Rn9uAVJe8fGf/GSmLao4SejnWalX0xdCkXueSyb+5VcHNjuZjgJ 7SqQIFb5doCK+DRA5n2i+6rTKt0z1sOleAcrQm5JuC3mkMY6I7HxDG8Rs8QbKno2 inSe08BuS+ozdR6mj78SIvHFVvZDf5CgAzd7y90sxTF4KtLmXzInUVESBpNQcUsv QoI0qmjNvY/KpZqDSoouqdgNlzTl2l7SkkX3sbJM14bYm5P7xsTfgexNaRwpTUh7 2H2EHLivEzGKNRmV61b0uKWFV5k9qMIBo/dDjBxAiZgzMLBLy3drDpn1aPf2iin/ 9hXpMEtlfmFLgRdGh/iCjLzyyEKpjA== =LlKF -----END PGP SIGNATURE-----