| Kind | Stands for | Created by | Holds keys via |
|---|---|---|---|
| HMR | Human Master Record | proof-of-personhood ceremony | single Ed25519 keypair |
| MHR | Machine Holding Record | n custodians | FROST t-of-n threshold signing |
| ENR | Entity Namespace Record | HMR or MHR | derived child key |
Every entry's signing key chains back through ENR → HMR/MHR → HMR.
HMR
The terminus of every chain. Created via a one-time identity ceremony (in-person or via attested webcam). Once minted, the public key is anchored on Sigil and is offline-verifiable forever.
MHR
For systems that can't accept interactive human signing. A pool of n custodians runs a FROST distributed key generation ceremony. Any t of them can sign on behalf of the MHR. Custodians may rotate without invalidating the MHR's identity.
ENR
A namespace ("l1fe", "verbage", "openagent") bound to one HMR/MHR.
Entries within an ENR derive their keys from the ENR's master key
via HKDF, scoped by <kind>/<name>.