Security and Identity Information

This page is the canonical source for cryptographic identity, secure contact, and security disclosure information across all services, projects, and infrastructure operated by this entity.

It is intended for security researchers, collaborators, clients, and infrastructure peers who need to verify identity, report vulnerabilities, or establish secure communication.

Identity and Trust

Name: Mia Lynn Ferrier
Role: Systems Administrator / Infrastructure Engineer
Timezone: Europe/Berlin

This page is the authoritative source of truth for identity verification. Verify fingerprints before trusting any key.

SSH

SSH Public Key:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCoCBBTGB5hf7N+Sy3IgkVnaufb9bN3J70RL9Mw3FLN+MvHw5FLV3wh2ArIPU1/qiRwU1uidSLE1LMqKadEF/1mGHtuGo8IDbQm1E1hi3lmHTpc6h4wuVD/ugrBvWXaupvnYZKuy7Q7rmJtPeMZq60imt/FB/XmzfS+E1+ZUunUCFsAbC4G6BkuqFru123wV3lSfrn8phWskFqnecQPV1aRpHX01QSvu4Lf1/VkgbR3Se55/efNKvylZD/zt/x2V32jUpvWOobZr4hOPL8fHu/x4hykWKJHhwTuiTFxHxH9lIr22+uXri2ZigSZZec/8X51WvahW46768Ss3H/VklKI7mcPARtqVEG+KPzEqaXVsTump4NU2a44jYBSw7/nZh3HmsvKLl6aOTej//t4+5c/OV0ELQC5aTAqLqLyNnafiYY/Be1tw2knj9X3pP5/77jtUF0mvXlWw0p6usahA1xlX7mmblMX0CBjHY7cYuKBZTp36ETrYTNGIbgrMYHh9p0= me@lynn.ac

SSH Fingerprint (SHA256):

SHA256:/SdUFaHk1avmd8dwnfNit5bSPNKJSzGgI5WFUaQYlA4

Usage: Authentication, Git commit signing

GPG

GPG Public Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEafNEmBYJKwYBBAHaRw8BAQdAG9HxhXv8sRtdQYEZCM+aNieooJgAmyIbZAhw
NmWRubS0HU1pYSBMeW5uIEZlcnJpZXIgPG1lQGx5bm4uYWM+iJAEExYKADgWIQT6
Xli/69wKucVOBfChnd4kneqppgUCafNEmAIbAwULCQgHAgYVCgkICwIEFgIDAQIe
AQIXgAAKCRChnd4kneqppgO2AQCqoRdfU0OuBxah/6VjouGsXkPuKzX7kXY8UmbH
PkiXoAD/coiLvn+AYhjluMUcRSj9GClYsLVw/GJZiD992Q1WkAK4OARp80SYEgor
BgEEAZdVAQUBAQdAvWK13QZWUWEMxZZ85o3dI0kc89OUfTIyon/OAhI+J20DAQgH
iHgEGBYKACAWIQT6Xli/69wKucVOBfChnd4kneqppgUCafNEmAIbDAAKCRChnd4k
neqppkVJAQCX+cF8VZBJ5WnVUVS5Xkw/aVoGVDpzMxdPrOkmA8zi1AD+P/ULzRh4
TizOiZJCvIcyxkUzZLrlHFC8GMpoNKxAZwc=
=PSfU
-----END PGP PUBLIC KEY BLOCK-----

GPG Fingerprint:

FA5E58BFEBDC0AB9C54E05F0A19DDE249DEAA9A6

Usage: Signing (Git commits, files/documents), Encryption (Files/documents)

S/MIME

S/MIME Public Key:

-----BEGIN CERTIFICATE-----
MIIF2TCCA8GgAwIBAgIQVQ/vTZiYxip/N4tmbfU4LjANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRl
IFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMSwwKgYDVQQDDCNB
Y3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMzAeFw0yNjA0MzAxMjMy
MjhaFw0yNzA0MzAxMjMxMjhaMBUxEzARBgNVBAMMCm1lQGx5bm4uYWMwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4ORiLCKfHKBujf9hBTY81Iom9hNOd
s9rYAMSJlcpEgOKbT6YUDwB3C+C7hCziYi7gN3lPRT7dq4SWckHAxFNbRjQJ+S3n
WMIXdenDfw7fLYsIpvibKDjbksTok0Pkt0Gdi+Eiwbj+JrtaCUA39ZUH45hir2I8
B1EOrnummMtEU8ACHg3Edf0TA3puSyPcPg5Fp88HvUOMg3azbLZCjLl9gevGKSfR
HbuIX3NSHRCRCatNu8FbbnVKu3k4dhPWOmDhk6o4yo3WkOtC7xPZGsSWmJbaAJ1+
ZNnPr15VeCb7NGXWuyIRJnL+5oQskmcvfvMykVQHzeCrjzxmblQqSDvNAgMBAAGj
ggG2MIIBsjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFL6XqaqEv4C/EFN9CTL5
4S4yG893MH4GCCsGAQUFBwEBBHIwcDA7BggrBgEFBQcwAoYvaHR0cDovL2NhY2Vy
dC5hY3RhbGlzLml0L2NlcnRzL2FjdGFsaXMtYXV0Y2xpZzMwMQYIKwYBBQUHMAGG
JWh0dHA6Ly9vY3NwMDkuYWN0YWxpcy5pdC9WQS9BVVRIQ0wtRzMwFQYDVR0RBA4w
DIEKbWVAbHlubi5hYzBSBgNVHSAESzBJMDwGBiuBHxABATAyMDAGCCsGAQUFBwIB
FiRodHRwczovL3d3dy5hY3RhbGlzLml0L2FyZWEtZG93bmxvYWQwCQYHZ4EMAQUB
AjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwSAYDVR0fBEEwPzA9oDug
OYY3aHR0cDovL2NybDA5LmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRIQ0wtRzMv
Z2V0TGFzdENSTDAdBgNVHQ4EFgQUjmLdLoREnZjEjLkFnmLaNuf8JJIwDgYDVR0P
AQH/BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4ICAQB7dNloXX5wcEqKOXmbex4OyenJ
3hebmbkN3nTvyQYOJbtf2+UgyR6iHgLA6mF3GFidDVqvX5HC5/g2PKVGGC80rkHI
tCsX8LxiYmi5d7AnKX+PBd/NJif+qgVu/pRy59Dp+QuJu54rud/gucIglS9kmN9G
4qKQPw1Epz0RXS6tEvI5OR0DJyREBOVFs43tNi9KMeDJdmH5vW2bdenePmbj2fIy
XXpOv9QgbySbQJ2aHGI6RjaLFuTGZIld31k4tvvKStxLB8xoZtKPXLh6qVVcsOiI
92tQ6c54n/pSM0f1h6d/pyZaeoSWqoG0RoKfA15UyXd+pOfqMoxvAgnDvbQ3TLBW
GhUldXokD/VywOFxXUK9uS72CK3kcjmGy8yqnHpNJrByOjXBpaY8G8K1Ctf3iEpq
mhYobwthtc3KU4yr5+nvzFjr/YHjwmSwbVmuBnF8VS8T1WwCGU/ejgqkPDLHmnRC
0IZkbi9RrbZ+53DXwOTxecr5rz/9MASIBjiHOPfO5mj5rgTkLnO6JVMVm4A7PZH0
kjS3BeFdDkPmdkkwEf/1Q44kKCmBneeiIShpG4YTxedMchLrc7bBw0CmPp8tLpL+
wC/86huHd4bTSYQRSHF1UHTLeBEBUhBGFXzWbGMtfjhAsI4oNUrLoMvDqap0npni
g3yn0J/oj4ycGdZyUw==
-----END CERTIFICATE-----

S/MIME Fingerprint:

251ed7e6fe69b68873b5f0ca216b0eaf62f45aec773bf174950c82a25566090f

Usage: Email signing and encryption

Git Commit Signing

All Git commits are signed. Unless otherwise noted, signatures correspond to the SSH or GPG keys published on this page.

Unsigned commits should not be considered authoritative.

Email Signing and Encryption

All email communication is signed using the S/MIME certificate listed above.

Encrypted email is supported and preferred for sensitive topics. Encrypted emails use the same S/MIME key unless otherwise specified.

Security Contact

Security Email: security@lynn.ac

This address is dedicated exclusively to security reports.

Encryption:

• Preferred: S/MIME (certificate above)
• Alternative: GPG (key above)

Key Retrieval:

• This page (authoritative)
• AKA/SMIMEA (DNS-based key discovery)
• Keyservers (non-authoritative)

Response Expectations:

• Initial acknowledgement: within 24–72 hours
• Triage and validation: within 3–5 business days

If no response is received within 72 hours, resend the report.

Vulnerability Disclosure Policy

Scope

In scope:

• Public-facing services, APIs, and infrastructure
• Hosted applications and platforms

Out of scope:

• Third-party services not operated by this infrastructure
• Denial-of-service attacks (DoS/DDoS)
• Social engineering or phishing attempts

Reporting Guidelines

Please include:

• Clear description of the issue
• Affected systems, endpoints, or domains
• Reproduction steps or proof-of-concept
• Impact assessment
• Supporting material (logs, screenshots, payloads)

Safe Harbor

No legal action will be taken against individuals who:

• Act in good faith
• Avoid data destruction, modification, or exfiltration
• Limit testing to what is necessary to demonstrate the issue
• Report findings responsibly and privately

Disclosure Process

• Reports are reviewed and validated
• Issues are classified by severity and impact
• Remediation is prioritized accordingly
• Fixes are deployed as soon as reasonably possible

Coordinated disclosure is preferred. Public disclosure typically occurs 30–90 days after resolution.

Researchers may be credited for valid findings upon request.

Security Practices (High-Level)

Infrastructure:

• SSH key-only authentication; password auth disabled
• Principle of least privilege enforced
• Regular patching of OS and services
• Network segmentation, firewalling, and rate limiting

Applications:

• Input validation and output encoding
• Secure authentication and session handling
• Dependency management and updates
• Secrets stored securely, not in plaintext

Transport Security:

• TLS 1.2+ enforced (TLS 1.3 preferred)
• HSTS enabled
• Weak ciphers and legacy protocols disabled

Operations:

• Centralized logging for auth and admin actions
• Regular automated backups with encrypted storage
• Periodic restore testing

Cryptography:

• Modern algorithms and key lengths
• Keys rotated periodically or upon compromise
• Revocation mechanisms in place

This page is the primary source of truth for identity verification.

Trust and Verification

To ensure authenticity:

• Always verify key fingerprints before use
• Do not trust keys from unverified third-party sources
• Prefer cross-verification via:
  • This HTTPS-hosted page
  • DNS-based records
  • Previously signed communications

Automated Scanning

• Non-intrusive scanning is permitted
• Excessive or disruptive scanning may be rate-limited or blocked
• Exploitation attempts without coordination may be treated as abuse

Recognition

Valid vulnerability reports may be acknowledged publicly with consent. No monetary rewards are offered unless explicitly stated.

Legal

This policy does not authorize unlawful activity. All testing must comply with applicable laws and regulations.

Access to data must be strictly limited to what is necessary to demonstrate a vulnerability.