# OpenPGP Email Identity Audit

Date: 2026-06-04

Current long-term OpenPGP identity:

`DF3B 3209 EEDB 36C8 00F0 9C1F 1712 C2A1 55DF 887E`

## Current Key

The current 2023 identity key has only current, controlled identities:

- `paudley@blackcat.ca`
- `paudley@patrickaudley.com`
- `paudley@blackcatinformatics.ca`

Recommendation: keep these UIDs active.

## Legacy Personal Keys

Legacy personal keys contain historical identities and should be treated as retired for new use:

- `16AC 2A16 0B1E ADDF 9366 FDD4 6F6A 2A90 AE0C F2CA` / `6F6A2A90AE0CF2CA`
- `677E 3559 B16D 9FEE D463 8849 3214 F34A 0999 B06E` / `3214F34A0999B06E`, expired
- `CA85 92E3 F5E0 6BC2 0797 79B6 6C2E 7A6C 9C16 2447` / `6C2E7A6C9C162447`, expires 2028-07-01

Historical UIDs on these keys include:

- `paudley@blackcat.ca`
- `postmaster@blackcat.ca`
- `patrick.audley@gmail.com`
- `paudley@patrickaudley.com`
- `paudley@paudley.com`
- `paudley@paudley.org`
- `paudley@blackcatinformatics.ca`

Recommendation: do not revoke solely for age. Publish a transition statement and allow these keys to remain historical identity anchors.

## Stale Or External Identities

The keychain contains historical addresses that are no longer current or are tied
to external organizations:

- `paudley@pobox.com`
- `paudley@compbio.dundee.ac.uk`
- `paudley@cogneto.com`
- `paudley@gt.ca`
- `paudley@cisco.com`
- `paudley@breadfinance.com`
- `patrick.audley@breadfinancial.com`
- `paudley@standtogether.org`

Recommendation: avoid using these for new OpenPGP correspondence. Revoke UIDs only if the address is no longer yours and a public non-use signal is preferred over archival continuity. There is no indication of compromise.

## Special-Purpose Keys

Special-purpose keys should remain scoped:

- `IBRK_paudley@catmoose.ca`
- `IBRK_paudley@blackcatinformatics.ca`
- `AF5E 0032 F749 4CEB CAA7 BBBE 9B87 CFBB CFDB AF11`: dedicated GitHub signing key

Recommendation: keep these separate from the personal identity key. Do not broaden their capabilities.

## Policy

No compromise is known. Therefore:

- Do not revoke whole historical keys for modernization alone.
- Retire old keys through signed transition statements and expiry.
- Keep old encryption secret material locally for decryption.
- Publish the current identity through HTTPS, WKD, DNSSEC OPENPGPKEY, and archival keyservers.
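
For the publication step above, the locations that WKD and DNSSEC OPENPGPKEY clients derive from each current UID can be computed and then checked against what is actually served. This is an added example, not part of the original audit: it follows the WKD draft's hashed-local-part scheme and the RFC 7929 owner-name rule, and the function names are illustrative.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by WKD

# Current UIDs, copied from the "Current Key" section of this audit.
CURRENT_UIDS = [
    "paudley@blackcat.ca",
    "paudley@patrickaudley.com",
    "paudley@blackcatinformatics.ca",
]

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per character, zero-padded at the end."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_urls(addr: str) -> tuple[str, str]:
    """Return the (advanced, direct) WKD URLs a client tries for addr."""
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    # WKD hashes the local part with SHA-1 after lowercasing ASCII letters only;
    # bytes.lower() leaves non-ASCII bytes untouched.
    hu = zbase32(hashlib.sha1(local.encode("utf-8").lower()).digest())
    l = quote(local, safe="")  # original-case local part, percent-encoded
    return (
        f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hu}?l={l}",
        f"https://{domain}/.well-known/openpgpkey/hu/{hu}?l={l}",
    )

def openpgpkey_owner(addr: str) -> str:
    """Return the RFC 7929 owner name of the OPENPGPKEY record for addr."""
    local, domain = addr.rsplit("@", 1)
    # SHA-256 of the local part, truncated to 28 octets (56 hex characters).
    # Assumption: the local part is already canonical (unquoted, no comments).
    label = hashlib.sha256(local.encode("utf-8")).hexdigest()[:56]
    return f"{label}._openpgpkey.{domain.lower()}"

def publication_points(uids=CURRENT_UIDS) -> dict:
    """Map each UID to the locations that should serve the current key."""
    return {u: {"wkd": wkd_urls(u), "dane": openpgpkey_owner(u)} for u in uids}

if __name__ == "__main__":
    for uid, where in publication_points().items():
        print(uid, *where["wkd"], where["dane"], sep="\n  ")
```

Fetch each URL and query each owner name with DNSSEC validation, then confirm the returned key's fingerprint matches the long-term identity listed at the top of this audit.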
