v1.0.2, last modified: 21.4.2007 23:25:12 CET
stylesheet: [black] [white] [none]
This policy is valid for all signatures made by the following GnuPG keys:
pub 1024D/7E3091FF 2001-10-07 uid Paul David Doherty <42!pdd.de> sub 1024g/E748AFDD 2001-10-07 sub 4096R/5889A856 2006-01-08 sub 1024D/5340383A 2006-01-08 Fingerprint: B681 4A2C 02A4 423F 38EB 262A 5350 AC63 7E30 91FF pub 1024R/B02D3A75 1996-07-16 uid Paul David Doherty <42!pdd.de> Fingerprint: 0A 4B D3 B9 30 67 65 BE 35 D3 1C 8D 06 74 05 A5
Please note: in this listing of key data "@" has been replaced by "!" - thank the spammers, the scum of the universe.
The keys can be fetched from keyservers like sks.keyserver.penguin.de or keyserver.kjsl.com. Or just download them from here:
The v3 key with ID 0xb02d3a75 is only used for correspondence with people unable to use the current v4 keys (i.e. users of PGP 2.6.x); generally this key does not need to be signed unless you are using a v3 key, since signatures on v3 keys made with v4 keys are not useful to PGP 2.6.x users.
This signing policy was adapted from the signing policy of markus reichelt, which was adapted from the signing policy of Marcus Frings, which was adapted from the signing policies of Marc Mutz and Jörgen Cederlöf. This document was originally adapted to my needs on 2006-01-09 and will be followed from that date on. My signing policy might be replaced without further notice, though. In such a case this document will be linked in the new one.
This document is located at http://policy.pdd.de/
I live in the center of Berlin, the capital of the Federal Republic of Germany, and I am always open to sign keys in my region. The easiest way to verify identity and exchange signed keys would be to meet in Berlin. Meetings at computer related conferences or other events are possible as well. I am also listed on biglumber.com, a site about key signing coordination.
The signee (the key owner who wishes to obtain a signature to his key from me, the signer) must make his public key available on a publicly accessible keyserver.
The signee must prove his identity to me by way of a valid passport (or identity card) or a valid driving license, featuring a photographic picture of the signee. At least one of the UIDs on the signee's key must feature his or her real name, so a key only containing a pseudonym will not be signed. I will only sign UIDs that contain the signee's real name.
I will check both of these tokens for people I don't personally know. No exceptions.
The signee shall prepare a strip of paper with a printout of the output of
gpg --fingerprint 0x12345678
(or an equivalent command if the signee does not use GnuPG) where
0x12345678 is the key ID of the key to be signed.
A handwritten piece of paper featuring the fingerprint and all UIDs the signee wants me to sign will also be accepted.
I only sign a key under the mutual agreement of cross-signing. No cross-signing, no deal.
A signing request may be declined without giving reasons.
After having received sufficient proof of identity I will sign the signee's piece of paper myself to avoid fraud.
I will send one email to each of the addresses listed in the UIDs I was asked to sign. These verification mails contain random strings and will be signed and encrypted to the public key whose fingerprint is printed on the sheet.
Upon reception of encrypted and signed replies I will check the returned random strings for equality with my records.
UIDs which pass the test are signed. If one of the UIDs fails the test a warning will be sent to the signee and the procedure will be halted until a satisfactory explanation is given.
The signed keyblock will then be mailed to the signee, and the signee emails my signed keys to me.
I use only two different levels of signatures, and here's why:
Please note that I will not accept sign-only keys for signing. Any signatures added to sign-only keys in error will be revoked.
You can use Henk P. Penning's pathfinder at http://www.cs.uu.nl/people/henkp/henkp/pgp/pathfinder/ which additionally provides alternative paths.
Copyright (c) 2006,2007 Paul David Doherty. (Original copyright (c) 2004 markus reichelt.)
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
|Paul David Doherty <email@example.com> Last modified: 21.4.2007 23:25:12 CET||main site|