smkent's PGP key and key signatures policy document

README.md

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Document version: 2016.09.27 (history)

PGP Key

My PGP public key fingerprint is 0342 C809 99FB 1A06 FD0F 9533 8392 C992 D925 00A9.

The source of this document is signed with that key. Please verify that the signature is still valid. Verification of the current version of this document can be performed using GnuPG:

gpg --recv-keys 0x0342C80999FB1A06FD0F95338392C992D92500A9
wget -O- https://github.com/smkent/pgp/raw/master/README.md | gpg --verify

To verify a prior version, replace master in the above URL with the git commit ref corresponding to the version you would like to verify.
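
An added example, not part of smkent's document or repository: `gpg --verify` reports success for a good signature from any key in the keyring, so this script also checks gpg's machine-readable status output against the fingerprint stated above. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Fingerprint and URL pattern are the ones stated in the document.
EXPECTED_FPR=0342C80999FB1A06FD0F95338392C992D92500A9

# policy_url [REF]: raw URL of README.md at a branch or commit ref.
policy_url() {
    printf 'https://github.com/smkent/pgp/raw/%s/README.md\n' "${1:-master}"
}

# check_status: read `gpg --status-fd` lines on stdin and succeed only if there
# is exactly one signature, it is GOODSIG (gpg emits EXPSIG, EXPKEYSIG or
# REVKEYSIG instead when the signature or key is expired or revoked), and the
# last VALIDSIG field (the primary key fingerprint) is the expected one.
check_status() {
    awk -v want="$EXPECTED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good++ }
        $2 == "VALIDSIG" { valid++; if (toupper($NF) == want) pinned++ }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad++ }
        END { exit !(good == 1 && valid == 1 && pinned == 1 && bad == 0) }'
}

# verify_policy [REF]: fetch and verify; needs network access and the key in
# the local keyring (the --recv-keys step above).
verify_policy() {
    wget -qO- "$(policy_url "${1:-master}")" |
        gpg --status-fd 1 --verify 2>/dev/null | check_status
}

# sample_status KIND: constructed status output (not captured from a real run).
sample_status() {
    case $1 in
        good)    sig=GOODSIG   fpr=$EXPECTED_FPR ;;
        expired) sig=EXPKEYSIG fpr=$EXPECTED_FPR ;;
        other)   sig=GOODSIG   fpr=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ;;
    esac
    printf '[GNUPG:] NEWSIG\n[GNUPG:] %s 8392C992D92500A9 constructed uid\n' "$sig"
    printf '[GNUPG:] VALIDSIG %s 2016-09-27 1474934400 0 4 0 1 10 01 %s\n' "$fpr" "$fpr"
}

# Offline self-check on the constructed sample.
sample_status good | check_status && echo "sample: signer matches pinned fingerprint"
```

Call `verify_policy` for the current version, or `verify_policy <commit ref>` for a prior one; a non-zero exit status means the signature is missing, bad, expired, revoked, or made by a different key.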

Key signing policy

I am willing to sign PGP keys when provided with sufficient proof of identity and private key ownership.

I use the PGP key signature levels as follows:

  • I do not create new level 0 signatures ("I will not answer"). Existing level 0 signatures predate the existence of this document and indicate that the key owner is well known to me.
  • I do not create level 1 signatures ("I have not checked at all").
  • I create signatures at level 2 ("I have done casual checking") and level 3 ("I have done very careful checking").

See below for how to request a signature. If you request that I sign your key, please be willing to sign my key as well.

I have done very careful checking (Level 3 signature)

  • I am willing to sign your key if you are personally well known to me.
  • I am willing to sign your key if we exchange full PGP key fingerprints and government-issued photo IDs, either in person or via end-to-end encrypted video conference. Acceptable photo IDs are one of a United States passport, state driver license, or state ID card.

To request a level 3 signature, contact me at the e-mail address in my public key.

I have done casual checking (Level 2 signature)

I am willing to sign your key if you provide me with a color scan that includes the following:

  • A government-issued photo ID (United States passport, state driver license, or state ID card). Only your name and the photo are needed to verify your identity, so you may conceal or remove additional personal information if you prefer.
  • A handwritten copy of both your full public key fingerprint and e-mail address.

To request a level 2 signature, send a signed and encrypted e-mail containing the above information to the e-mail address in my public key.

Signature creation and delivery

After meeting the above identity verification requirements, I will individually sign each of the UID(s) corresponding to your identity and e-mail an encrypted copy of your public key for each signed UID to its corresponding e-mail address. You must decrypt the signed key(s), which provides sufficient proof that you control the corresponding private key.

PGP key signatures I create do not expire.

I reserve the right to not sign a particular key or UID at my own discretion.

Document history

This document may be revised at any time. Material changes to my key and/or signing policy are listed here. For all document changes, please see the repository's commit history.

  • 2016.09.27: Initial document published
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----