-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Key-signing policy for Daniel Jacob Alan Silverstone, OpenPGP key 3CCEBABE206C3B69
==================================================================================

Time stamp: 201008231513Z
Author contact: dsilvers digital-scurf.org

Preamble
~~~~~~~~

This document establishes and presents a certification policy for OpenPGP
keys. It applies to all key certification signatures made with the
following key since 23 August 2010:

  pub   4096R/206C3B69 2009-05-08 [expires: 2014-05-07]
        Key fingerprint = 1956 8523 759E 2A28 58F4 606B 3CCE BABE 206C 3B69

This document is only valid if it appears signed by this key or a signing
subkey of this key which has been signed with the certification key itself.
Instructions to verify the policy document can be found further down.

Terminology
~~~~~~~~~~~

For the purpose of this document,

  * MYKEY will refer to the aforementioned 4096-bit RSA/OpenPGP key with
    fingerprint 1956 8523 759E 2A28 58F4 606B 3CCE BABE 206C 3B69, created
    on 8 May 2009.

  * I, as the sole person capable and authorised to make key certification
    signatures with MYKEY, am henceforth known as the SIGNER;

  * a key may have any number of user IDs attached to it. Such a user ID
    will be referred to as UID.

  * a person, who is in control of an OpenPGP key with one or more UIDs
    that have one or more signatures made with MYKEY attached, will be
    henceforth referred to as SIGNEE;

  * that person's key shall be known as OTHERKEY.

  * the single signature, or set of signatures made by MYKEY on a single
    UID of OTHERKEY shall be called CERT.

Certification policy
~~~~~~~~~~~~~~~~~~~~

This certification policy differs from many of the policies used by other
people in that SIGNER regards reconnaissance of a person as important, but
legal identity documentation as paramount.

SIGNER does not issue CERTs for keys that are shorter than 2048 bits.

According to this policy, a CERT certifies that

  1. SIGNEE presented, in person, the full fingerprint of OTHERKEY, and
     SIGNER verified with that fingerprint that he was signing precisely
     OTHERKEY when issuing the CERT;

  2. SIGNER has established the identity of SIGNEE through a legal document
     of identification presented, in person, by SIGNEE, and the identity
     information on that document matched those of the UIDs signed. An
     internationally accepted travel document (such as a passport) yields
     signature level 2.

  3. The document in (2.) included a representative photo of SIGNEE;

  4. The format of the document in (2.) was known to SIGNER at the time;

  5. The document in (2.) did not have any obvious signs of tampering;

  6. Optionally, that SIGNEE is known to SIGNER on a personal level such
     that SIGNER can recall several meetings between SIGNEE and SIGNER over
     a reasonable period of time. The minimum requirements, being four
     meetings over three years and a non-trivial amount of other
     interaction during that time, will yield a signature at level 3.

  7. SIGNEE proved control over OTHERKEY, either by successfully decrypting
     the CERT before being able to import it (SIGNER never uploads to key
     servers directly), or by responding to a challenge with a message
     signed with OTHERKEY.

In the case of UIDs with e-mail addresses, the following are also
certified:

  8. SIGNEE was able to receive the signature at the specified e-mail
     address at the time the signature was transmitted (shortly after it
     was made).

In the case of UIDs with comments that establish an affiliation, e.g. to a
project, a company, or an institution, the following is also certified:

  9. SIGNER had no doubt at the time of signing that SIGNEE was affiliated
     with the identified project, company, institution, organisation, or
     other body or group. SIGNER will not issue a CERT if the use of the
     comment on the UID is not reasonable.

In the case of photo UIDs, the following is also certified:

  11. SIGNER will not sign photo UIDs.

CERTs on UIDs that do not contain an e-mail address will only be
transmitted via e-mail to the address associated with the UID nominated as
primary on OTHERKEY, providing that the so-nominated UID has already been
successfully signed by SIGNEE and the signature received, decrypted and
published by SIGNEE. In particular, SIGNER never uploads CERTs to key
servers directly.

Signature levels
~~~~~~~~~~~~~~~~

SIGNER uses signature levels to identify the level of the CERT:

  0. SIGNER never uses signature level 0;

  1. Level 1 indicates that no reliable verification was performed, e.g.
     because the CERT was given to a role, a certification authority, or an
     organisation, and is never used for signatures on personal keys;

  2. Level 2 is default and indicates that SIGNER has been presented with
     internationally accepted identification documentation which identifies
     SIGNEE.

  3. Level 3 indicates that, in addition to the requirements of level 2,
     SIGNEE is known to SIGNER on a personal level, can be identified by
     SIGNER easily, and SIGNER can recall at least four previous meetings
     between SIGNER and SIGNEE over a period of at least three years, with
     a non-trivial amount of interaction by other means during that period.

Validity of CERTs
~~~~~~~~~~~~~~~~~

CERTs are only valid if they contain a policy URL to this document, or an
earlier revision, which has been GPG-signed with MYKEY. The policy URLs
have the format

  http://www.digital-scurf.org/files/gpg/cert-policy/3CCEBABE206C3B69/[YYYYMMDDHHMMZ]?sha512sum=[SHA512SUM]

where [YYYYMMDDHHMMZ] is the time stamp down to the minute, and [SHA512SUM]
is the SHA512 sum of the whole document, including the in-line signature.

Verification
~~~~~~~~~~~~

All CERTs have a certification policy URL embedded. Such URLs take the
form:

  http://www.digital-scurf.org/files/gpg/cert-policy/3CCEBABE206C3B69/[YYYYMMDDHHMMZ]?sha512sum=[SHA512SUM]

Remember that [YYYYMMDDHHMMZ] and [SHA512SUM] are templates (see above).

There are three steps to verifying the integrity and authenticity of the
policy document. The `wget` command will download the document to a file
named according to the time stamp template [YYYYMMDDHHMMZ]:

  1. wget -O [YYYYMMDDHHMMZ] "http://www.digital-scurf.org/files/gpg/cert-policy/3CCEBABE206C3B69/[YYYYMMDDHHMMZ]?sha512sum=[SHA512SUM]"

  2. echo '[SHA512SUM]  [YYYYMMDDHHMMZ]' | sha512sum -c

     This step verifies that the document has not changed since the time
     the signature was made, and thus the policy described is the actual
     policy that was in place at the time of the signing.

     Alternatives to `sha512sum` are `openssl dgst -sha512`, and
     `gpg --print-md SHA512`.

  3. gpg --verify < [YYYYMMDDHHMMZ]

     This step verifies that the document itself is authentic and has been
     signed off by SIGNER.

If there are any doubts pertaining to the authenticity of a CERT, please do
not hesitate to get in touch with SIGNER (contact information in the header
of this document).

Credits
~~~~~~~

Thanks to Martin F. Krafft for raising the idea of certification policies
to my attention, and for publishing his policy which was sufficiently close
to my own ideas that I "borrowed" most of it.

Revisions
~~~~~~~~~

A new revision of this policy replaces all earlier revisions, but obviously
does not affect previous CERTs. The latest revision can always be
downloaded from

  http://www.digital-scurf.org/files/gpg/cert-policy/3CCEBABE206C3B69/current

Change log:

  200907250748Z  Initial version.
  200908221741Z  Spelling/typo fixes and updated verification instructions
  201008231513Z  Correction of a transposition of primary and secondary
                 characteristics of verification of identity.

Licence
~~~~~~~

You may use this document under the terms of the Artistic Licence 2.0.

Copyright © 2009-2010 Daniel Silverstone
Portions Copyright © 2009 Martin F.
Krafft
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

-----END PGP SIGNATURE-----
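
The verification steps from the Verification section as one script. This is an added example, not part of the signed policy document or the author's own tooling. It also checks what a bare `gpg --verify` does not: that the good signature was made by MYKEY or one of its subkeys, read from GnuPG's VALIDSIG status line. Function names are hypothetical, and MYKEY is assumed to be in the local keyring already.

```sh
#!/bin/sh
# Added example: verify a downloaded policy document against its policy URL.
# Function names are hypothetical; MYKEY must already be in the gpg keyring.

# MYKEY fingerprint from the policy's Preamble, spaces removed.
MYKEY_FPR=19568523759E2A2858F4606B3CCEBABE206C3B69

# Print "<timestamp> <sha512 in lower case>" for a URL that matches the
# documented template exactly; return 1 for anything else.
parse_policy_url() {
    local out
    out=$(printf '%s\n' "$1" | sed -n -E \
        's|^http://www\.digital-scurf\.org/files/gpg/cert-policy/3CCEBABE206C3B69/([0-9]{12}Z)\?sha512sum=([0-9A-Fa-f]{128})$|\1 \2|p' \
        | tr 'A-F' 'a-f')
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Step 2: the SHA-512 of the whole file must equal the digest in the URL.
check_policy_hash() {
    local parsed want got
    parsed=$(parse_policy_url "$1") || return 2
    want=${parsed#* }
    got=$(sha512sum < "$2") || return 3
    [ "${got%% *}" = "$want" ]
}

# Step 3, tightened. Reads `gpg --status-fd 1 --verify` output on stdin.
# VALIDSIG is only emitted for a good signature; field 3 is the signing
# (sub)key fingerprint and field 12 the primary key fingerprint.
signer_is_mykey() {
    awk -v want="$MYKEY_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (($3 "") == want || ($12 "") == want) { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

verify_policy() {   # usage: verify_policy POLICY_URL DOWNLOADED_FILE
    check_policy_hash "$1" "$2" || return 1
    gpg --status-fd 1 --verify "$2" 2>/dev/null | signer_is_mykey
}

if [ "$#" -eq 2 ]; then
    verify_policy "$1" "$2"
fi
```

The policy URL attached to a CERT can be displayed with `gpg --list-options show-policy-urls --list-sigs`.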