Thejesh GN  committed 1d117a5

gpg policy


Files changed (1)

File gpg-policy.txt

+Hash: SHA1
+Thejesh GN <>
+Fingerprint: C7D4 1911 9893 ADAF 27B0 FCAA BFFC 8DD3 C06D D6B0
+GnuPG Signature Policy
+The following paragraphs describe the procedure, preconditions 
+and possible results of me signing data or keys.
+ Data or Email Signing
+ ============
+Only some emails from my UID are signed. But if you really want
+to be sure that the mail/note is from me then it has to be signed by me.
+ Key Signing
+ ===========
+ For signing keys, I use the same key as for signing data. To ensure the
+ validity of the web of trust, I stick strictly to the following points:
+   * In most cases, personal validation is required to obtain a signature from
+     me. Personal validation means that a government issued document containing the
+     full name and a photo must be presented to me at an eye-to-eye meeting.
+   * Fingerprints and UIDs of the key(s) to be signed must be provided in a re-
+     liable and readable way. During personal validation, a printed version of
+     all UIDs and the key fingerprint should be provided.
+   * In rare cases, I also sign keys without personal validation. This is only possible if 
+     I know you for a long time and I am really really sure that the key belongs to you.
+   * In rare cases, names can be signed that cannot be verified with any document.
+     This is the case for well-known nicknames in the FOSS community.
+   * A sig3 is only issued to keys of people whom I ultimately trust on a human
+     basis, this is limited to close friends and people that have proven reliabi-
+     lity and knowledge of the web of trust in other areas (like, but not limited
+     to, CAcert, etc.).
+   * In order to obtain a sig3, basic knowledge of these terms should be shown.
+This document is a draft and will be extended over time, without rendering the
+current content invalid.
+This notes itself was inspired by
+Version: GnuPG v1.4.11 (GNU/Linux)
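
Review bot: The `Hash: SHA1` header on the first added line means this policy is clearsigned with a SHA-1 digest, which is no longer considered collision resistant and is a poor fit for a document whose purpose is to be verified; re-sign with a stronger digest, for example `gpg --digest-algo SHA256 --clearsign gpg-policy.txt`, before committing. As added, the file also has no `-----BEGIN PGP SIGNED MESSAGE-----` line and no signature block after `Version: GnuPG v1.4.11 (GNU/Linux)`, so the signature cannot be checked from what is committed. Smaller points: the UID line `Thejesh GN <>` has an empty address, the sentence `This notes itself was inspired by` ends without naming its source, and the Key Signing section describes only `sig3` while `these terms` in the last bullet is never defined, so the certification level used for the other cases should be stated.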