OpenPGP: Key Signing Policy
It was also decided that each office barers key should last as long as they are in office, the new incombant creating a new key apon their election.To this end, during my time in the post my key will be 0x6415679569aa4946 and will be subject to the same signing policy as I has been in use on my personal key. This is detailed bellow.
This policy is valid for all signatures made by the following GnuPG keys:
pub 4096R/1FA1E814 2014-05-04 Primary OpenPGP Key
Key fingerprint: BB2C EB25 BE05 16A7 A9C6 F2FB EEB4 96E6 1FA1 E814
pub 2048R/69AA4946 2013-03-24 Software Society (Chairman) OpenPGP Key
Key fingerprint = CFAE 70BC 1735 BF50 C993 DACB 6415 6795 69AA 4946
This policy was first written on 2011-06-22 but the polices listed here have been followed since the creation of the key four days earlier on the 18th. Content and structure of this document are strongly based on the OpenPGP Key Signing Policy of Marc Mutz (Link no longer available) and Jörgen Cederlöf (Link no longer available) but have been slightly modified from the original sources.
I live in Dundee (Scotland) and am available to sign keys any time. If you want to arrange for a key-signing, your best chance of meeting me is in or near Dundee. Occasionally I’m in St.Andrews, Cupar and Perth. I can be reached thru the/feedback form on this site, Just be sure to include the phrase ‘key-signing’ in the subject line. I am also listed at biglumber.com, a webpage about key signing coordination. Meetings at computer related fairs are possible as well.
Usually I keep track of upcoming events where it would be possible. So if you would like to meet in order to sign keys check my events diary to find out where I will be.
Prerequisites for signing
The signee (the key owner who wishes to obtain a signature to his/her key from me, the signer) must make his/her OpenPGP key available on a publicly accessible keyserver (see above for example keyservers).
The signee must prove his/her identity to me by way of a valid identity card or a valid driving licence. These documents must feature a photographic picture of the signee. No other kind of documents will be accepted. This also implies that the signee’s key must feature his/her real name in order to be checked up on his/her identity card. A key which only contains a pseudonym will not be signed.
For people from outside the European Union I will check both of these two tokens (since I cannot assess their risk of fraud). Exceptions may be made if there is a good reason for me to do so.
The signee should have prepared a strip of paper with a printout of the output
gpg --fingerprint 0x12345678 (or an equivalent command if the signee does not use GnuPG) where 0x12345678 is the key ID of the key which is to be signed.
A handwritten piece of paper featuring the fingerprint and all UIDs the signee wants me to sign will also be accepted.
The above must take place under reasonable circumstances (i.e. ourselves not being in a hurry, exchanging key data at a calm place and so on).
The act of signing
After having received sufficient proof of identity I will sign the signee’s piece of paper myself to avoid fraud, and eventually sign the signee’s key.
The signed keyblock will then be mailed to the signee, or uploaded to a keyserver if expressly wished.
Key signing is performed on the understanding that the act of signing is mutual. If the signee fails to sign my key in return I reserve the right to revoke my signature from their key.
Signing requests of transitions to new keys
I have been asked what my position is towards requests from people (whose keys I had already signed) to also sign their new keys.
In principle, I agree to the procedure when I am reasonably sure the request is not bogus/a scam, and the following conditions are met:
Any signing request of transition to a new key
- must at least be signed by the still valid original key (which I also signed),
- the new key must also be signed by the still valid original key (which I also signed),
- the owner of the new key must cross-sign my keys in return with the new key first,
- the new key will receive the same level of signature as the still valid original key (which I also signed).
However, such a signing request may be declined without giving reasons. If unsure, enquire first.
Levels of signatures
A level of 0 is given to keys of Certification Authorities since in most cases the key owner is a whole organization and not a single person. Usually the fingerprints of those keys have to be verified by getting them from the corresponding website of the CA and cannot be checked by exchange with a member of the CA who is in charge. These signatures are the weakest in my web of trust.
If I have had contact with someone through signed or encrypted e-mail over a time long enough to rule out at least temporary man-in-the-middle attacks, and I have verified the key with a key downloaded from his/her personal web page, or signed emails/fingerprints on public mailing lists, but I have not met the person or verified the key in any other way, I may sign the key with cert check level one.
A level of 2 is given to sign-only keys. It is not clear to determine if the owner of the mail account is the same as the key owner because encryption cannot be used, hence the signatures only receive a lower level of 2.
A level of 3 is given to sign-and-encrypt keys: I have met the signee in person, I have verified his identity card (passport, or driving licence) and his key’s fingerprint. I was also able to send my signatures encrypted with the corresponding key of the signee. These signatures are the strongest in my web of trust.
Photographic UIDs are also going to be signed with a level of 3 if I can still remember the signee’s face when I will be back at home.
I will also sign keys at level 3 when I know the signee personally, I do not require ID card or the above formal procedure. A meeting where we exchange fingerprings is enough. Naturally, it would be extremely hard to trick me into signing a false key this way.
Here are some links which you may find useful or interesting: Key signing policies of other people:
- Jörgen Cederlöf (Link no longer available)
- Olaf Gellert
- Marc Haber
- Jürgen Nieveler
- Thomas Bader
- Sebastian Inacker
- Markus Reichelt
- Version 220.127.116.11, 2014-12-14 – Content migrated to new markdown site
- Version 18.104.22.168, 2013-09-21 – Applied this policy to my smartcard key
- Version 22.214.171.124, 2013-03-25 – Applied this policy to my second key
- Version 126.96.36.199, 2013-03-22 – Removed dead URL from links
- Version 188.8.131.52, 2012-01-19 – Content Recovered from Google Cache
- Version 184.108.40.206, 2011-11-30 – Initial Release.