-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Statement of Key Validity

This statement attests to the authenticity of my PGP key and provides a way for you to test verifying my signatures.

The PGP key, 44EE393954B2CBA0, and its subkeys are mine and have always been mine. These keys were and will be generated only on an air-gapped system, and the master key has never been on an online computer. The E, A, and S subkeys reside on a hardware token that requires a passkey to prevent theft and misuse. Subkeys expire annually, and the master key expires biannually; keys are generally extended rather than replaced unless there is reason to believe they may be compromised. 

You can reasonably assume that I signed anything signed with this key, and that anything encrypted with this key can only be decrypted by me. That said, I make no guarantees, and you shouldn't bet your life on someone else's security hygiene. At this time, 13 JAN 2026, I am not aware of any incidents compromising my keys, and I have never been forced or ordered by anyone, government or otherwise, to reveal my private keys or provide access to utilize them.

## Web of Trust

If you would like to build the web of trust by signing my key, having me sign your key, or both, please email joshua.m@-DONT-Spam-sdf.org (think about it). Over PGP-signed emails, we can hash out the details of identity verification. Eventually, I will update this document with the information I will need to be satisfied that you are who your key claims you to be.
-----BEGIN PGP SIGNATURE-----

iQEyBAEBCgAdFiEEzzpmwaT9k27FEyNvfxHAsnE4mGUFAmloX44ACgkQfxHAsnE4
mGWnfwf2LvCoVdY36txIyHgtlTGxg/5HoFxyFBSTXSoBLxqXU02vspPk6ePUBX1u
J/udBkER+YhySOgc82Wz+Q8SGJuQUWS7ABRmWtI5290nLcJeEkIbHbNZrn1L7u1A
X9W7NmtRp6aNP2xnt8KFTC/M241lePs/QZdlVW3EXfkvzIaMPOf2WTMTnhDFz78k
+JNEyjQf7tlcMxenDo1ZOUFxyB/IXkg0fTk19+6KtPtzzfUxe/7QpIv9bC//lSUF
plP9UawbFI52tVoW+z7t3yaMczBWk3iCLzSkD2EQ/UfswG+oqXgZDRz8/3wxR8GV
3uFQLkH2NiVM4HS8ml1tRyUX0EeQ
=G1n7
-----END PGP SIGNATURE-----