41 lines
2.1 KiB
Plaintext
41 lines
2.1 KiB
Plaintext
This is the signing policy for key 0xE9F4D999943E991C:
|
|
|
|
### Meeting
|
|
|
|
I am willing to sign keys for people I meet in person, in reasonable circustances (not in a hurry, in a calm place, etc.).
|
|
|
|
The owner of the key should bring an hardcopy of the output of the command: `gpg --fingerprint $KEY_ID`, or an equivalent listing of the same informations.
|
|
|
|
If the key is not available on public servers, the piece of paper should include an alternative address where I can easily retrieve the public key to sign.
|
|
|
|
I reserve the right not to sign a key; reasons may include, but are not limited to, insufficient identification (I think the face to face meeting mitigate the problem) or problems retrieving the key.
|
|
|
|
### Signature Levels
|
|
|
|
I'm not using signature levels: I think don't add much value. I fully trust all people I meet.
|
|
|
|
### Key trasport
|
|
|
|
After signing the UIDs, I will send the signed key to each e-mail address as a light form of address ownership control; I will not upload the key to any keyserver.
|
|
|
|
### Subsequent keys
|
|
|
|
If I have signed your key and you create a new one (e.g., because you are migrating to a new format), I am willing to sign the new key without meeting in person, as long as the following conditions are met.
|
|
|
|
1. The old key is not yet expired or revoked when you send me the request (obviously).
|
|
2. You send me an e-mail signed with the old key and containing the information about the new key needed for a new signature (fingerprint, UID you want to have signed, where to find the key).
|
|
|
|
I will sign the UIDs I had already signed with the old key, the others only if I am sure they are yours.
|
|
|
|
### Pseudonym keys
|
|
|
|
I will only sign pseudonym identities on keys if I've known the owner of the key under that pseudonym for more than a year.
|
|
|
|
### Photo uid
|
|
|
|
I won't generally sign photo UIDs because they are hard to properly verify.
|
|
|
|
### Reciprocity
|
|
|
|
Reciprocity is appreciated, but not required: if we meet so that I can sign your key I expect that you look at my ID and fingerprint; if then you have a reason not to sign it I understand it, but appreciate if, situation permitting, you explain what the issues are, so that I can fix them for the future.
|