This policy is valid from the 27th of November, 2003, for signatures made by
the OpenPGP key with Key ID 0x748FF476 created 2003-11-27,
fingerprint
0B9A 5918 9A42 775F 01B9 BF57 ACA6 F689 748F F476
It may be replaced at any time with a new version or revision. If a new version incorporates changes that might affect the strength or perceived strength of the resulting signature, the old version will be linked from the new one.
This is version 0.1 from 2003-11-27. If you came here by following the policy URL of one of my signatures, please check the date of the signature to find the version and revision of this document that applies.
Changes from revision 1 to revision 2: This policy was converted to HTML5 and UTF8 at 2013-09-09, string v0.1r1 was replaced with v0.1r2, CSS was introduced that do notmodify the content and this paragraph was added.
The signee (ie. the key holder who wishes to obtain a signature from me, the signer) must make her OpenPGP public key available on a publicly accessible keyserver, such as the .pgp.net servers.
The signee must prove her identity to me by way of a national ID card, a driver's licence or a credit card. The token must feature a photographic picture of the signee.
For people from outside the European Union, only a combination of at least two of the above tokens will be accepted. Exceptions will be made when the signee can come up with other means of proof of identity. But at least one of the above tokens will stay the minimum requirement.
The signee should have prepared a strip of paper with a printout of the output of
gpg --fingerprint 0x748FF476
(or an equivalent command if she is not using GnuPG), where
0x748FF476 is the key ID of the key that is to be signed.
A hand-written sheet featuring all user ID's the signee wants me to sign and the fingerprint will be accepted, too.
I will sign keys using one of two signature classes:
| Signature Class II: | Used for sign-only keys where the below challenge/response dialogue was not possible or when signees do not wish to have their email addresses verified in this way. The latter should never happen, though. |
|---|---|
| Signature Class III: | Used for all other signatures |
A signature of Class III always means the email addresses were verified to belong to the signee.
A signature of Class II always means the email addresses were not verified to belong to the signee.
The signee should sign the strip of paper containing the fingerprint in my presense. For efficiency, exceptions will be accepted on larger keysigning parties.
After having received (or exchanged) proofs of identity, I will sign the sheet of paper myself to avoid fraud.
At home, I will prepare emails and send one to each of the mail addresses featured in the user ID's that I was asked to sign. They contain random strings encrypted to the public key whose fingerprint is printed on the paper.
For sign-only keys, the signee has to provide an encryption-enabled key to use for challenge sending instead. Failing that, the signature (if any) will only be of Class II.
Upon reception of encrypted replies, I will check the returned random string for equality with what I sent. The reply must be signed with the key that I was asked to certify, even if the challenge was encrypted to a different key.
User IDs that pass the above test are signed. If one of the user IDs fails the test, a warning is sent to the rest of the user ID's addresses and the procedure is retried with a new challenge at most three times until a successful response has been received or the procedure has been cancelled by the signee.
The signed keyblock is sent to a randomly choosen, signed user ID's address and one or more keyservers.
The signee may hint on which keyservers to use.
Christian KÜLKER, 2003-11-27References: This key signing policy was inspired by the key signing policy of Marc Mutz (v2). http://www.mathematik.uni-bielefeld.de/~mmutz/sign-policy.html