Commits

Thejesh GN committed e7c5f0f

updated gpg policy

  • Participants
  • Parent commits acf5632

Comments (0)

Files changed (1)

File gpg-policy.txt

+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
 
 This policy is valid for all signatures made by the following GnuPG keys:
 =========================================================================
 =========
 I live in Bangalore, India. and I am open to sign keys at any time. The easiest way 
 for verifying keys would be to meet me here in Bangalore. Another opportunity to get 
-in personal contact would be to address me at certain computer related confs (FOSS.in, DroidCon etc). I am also listed at biglumber.com, a webpage about key signing coordination.
+in personal contact would be to address me at certain computer related confs 
+(FOSS.in, DroidCon etc). I am also listed at biglumber.com, a webpage about key 
+signing coordination.
 
 Prerequisites for signing:
 ==========================
-The signee (the key owner who wishes to obtain a signature to his/her key from me, the signer) must make his/her OpenPGP key available on a publicly accessible keyserver (like http://keyserver.ubuntu.com).
+The signee (the key owner who wishes to obtain a signature to his/her key from me, 
+the signer) must make his/her OpenPGP key available on a publicly accessible keyserver 
+(like http://keyserver.ubuntu.com).
 
-The signee must prove his/her identity to me by way of a valid identity card or a valid driving licence. These documents must feature a photographic picture of the signee. No other kind of documents will be accepted. This also implies that the signee's key must feature his/her real name in order to be checked up on his/her identity card. 
+The signee must prove his/her identity to me by way of a valid identity card or a 
+valid driving licence. These documents must feature a photographic picture of the 
+signee. No other kind of documents will be accepted. This also implies that the signee's 
+key must feature his/her real name in order to be checked up on his/her identity card. 
 
 The signee should have prepared a strip of paper with a printout of the output
 
   gpg --fingerprint 0x12345678
 
 
-(or an equivalent command if the signee does not use GnuPG) where 0x12345678 is the key ID of the key which is to be signed.
+(or an equivalent command if the signee does not use GnuPG) where 0x12345678 is the key 
+ID of the key which is to be signed.
 
 The act of signing:
 ===================
-After having received (or exchanged) the proof detailed in the above I will sign the signee's piece of paper myself to avoid fraud.
+After having received (or exchanged) the proof detailed in the above I will sign the
+signee's piece of paper myself to avoid fraud.
 
-At home I will sign the UIDs which I was asked to sign. Each signature will then be mailed separately to the corresponding mail address of the single UIDs.
+At home I will sign the UIDs which I was asked to sign. Each signature will then be 
+mailed separately to the corresponding mail address of the single UIDs.
 
-The following paragraphs describe the procedure, preconditions and possible results of me signing data or keys.
+The following paragraphs describe the procedure, preconditions and possible results of 
+me signing data or keys.
 
 Key Signing
 ===========
 
 Level 3
-This level will only be given to people I know long enough to be absolutely sure of their identity. Mostly friends, family and long term co-workers will receive this level of signature.
+This level will only be given to people I know long enough to be absolutely sure of 
+their identity. Mostly friends, family and long term co-workers will receive this level 
+of signature.
 
 Level 2
-I have met the signee, I have verified his/her identity card and fingerprint and I was able to send my signatures encrypted with the corresponding key of the signee. 
+I have met the signee, I have verified his/her identity card and fingerprint and I was 
+able to send my signatures encrypted with the corresponding key of the signee. 
 
 Level 1
-A level of 1 will never be used by me for it weakens the web of trust in my opinion. I have never signed keys without appropriate verification and I will never do so in the future.
+A level of 1 will never be used by me for it weakens the web of trust in my opinion. I 
+have never signed keys without appropriate verification and I will never do so in the 
+future.
 
 Level 0
-A level of 0 is given to keys of Certification Authorities since in most cases the key owner is a whole organization and not a single person. Usually the fingerprints of those keys have to be verified by getting them from the corresponding website of the CA and cannot be checked by exchange with a member of the CA who is in charge. These signatures are the weakest in my web of trust.
+A level of 0 is given to keys of Certification Authorities since in most cases the key 
+owner is a whole organization and not a single person. Usually the fingerprints of those
+keys have to be verified by getting them from the corresponding website of the CA and 
+cannot be checked by exchange with a member of the CA who is in charge. These signatures 
+are the weakest in my web of trust.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
 
+iQIcBAEBCgAGBQJQlXkhAAoJEL/8jdPAbdawEhkP/3Sl8dMEYQvDNaxHLGBuNvCa
+n+CCzaB4cVDuUtg2RrkwGI43GQsRj0bOcQsLJSP/b9jVdtl9KncJuhsCSohALgNM
+40q7Qu1bFmEfQT3EI+rsnA4g4AU1YMu1pXOg4KQfMxO5SPgnqaNCJO9IKVw0n5q6
+ne8/O4nPQ8aCruu5oHiAVJ5xRE5yTuEyhgd1iUPqCFDIgBSGGbBV8D18vuwgXLkd
+QVVPlfSvZyg+NvEi0+g487DeV15PAJV5GZ1d5/7r14iCInCdpr/Zmcwhf1oRe/rF
+Fng30vdfXIbLG7VmMxbmntvmWfY5+YTioca5fOEpDM4sdN1VrYZ7deu0qSXhhnlC
+Z/8nOb8l5xMvRBbYYZVEYY3NHdHWYKelG5Wsavh2D/b4jKiwmXiVZvNAn/U4A86V
+WZVHMIXaYzfEAzVn9doXQQNNrv0xVGG150n9qvBo3q32GiwytKZf9LajhHQy/2Uv
+jJfqffSx2DmbiONRRmr7yYT2MSt1+a5767g6LKXQ4OQgeSuzLt8GNIioHLPbX+Ln
+5SDD340JRLiqZ7uoPnvppD628plGOyaeF3zx5FqXXOfPOHppi68QHD7wogk6eE4i
+lOVb5VThd8Mmsw20oiaJkwPA2AhFwzyyfacE7byS9S/QMXhy4n7j5v6JUhw/DL3g
+AbXVDJmRabzzg65+luPd
+=IrFi
+-----END PGP SIGNATURE-----