KEY SIGNING POLICIES
Please note that the policies expressed in this document can be changed at any time and without warning or notice, at the sole discretion of the author.
Policy for IRC or other virtual identities
Signatures done by this policy are not meant to be a proof of identity outside of the virtual community in which they are established. All names used in this policy are to be considered pseudonyms (including my name).
I will consider signing your key with a certification level of 2 if the following conditions are met:
- You must request that I sign your key and provide me your key fingerprint.
- I have no reason to mistrust you and, in fact, I must have good reason to extend my trust to you. This factor is completely my decision and is final. No explanation is necessary and none should be expected.
- The UID of your key must be related to the virtual community that we share by meeting the following criteria:
  - The Real name field of the UID must be the same name by which I know you. For example, the registered and normal IRC nickname that you use in an IRC community.
  - The email field must be an address associated with our common virtual community.
- You will then be given a challenge-response test as follows:
  - I will send an encrypted message to the address listed in the email field of your UID including a unique string of no fewer than 10 characters.
  - You must then send this string to me using the communications of the virtual community that we share (such as an IRC channel).
  - You reply to my email with a signed message that asserts the following:
    - that the key is yours
    - the private part is under your sole control
    - the key will be kept safe and secure to the best of your knowledge and ability
    - your key has a strong passphrase
Every signed key will be promptly uploaded to a public keyserver.
Revocation Policy
I may revoke my signature on your key if I no longer feel it is warranted. Do not expect warning, notice, nor an explanation, but a reason for revocation might include any of the following:
- your key was signed under an outdated policy
- I have any reason to no longer extend my trust to you
- either of us becomes inactive in the common community from which my trust was gained
- I am unable to contact you using available contact information
- I have reason to believe that your key has been compromised.
Policy for real life identities
Signatures done under this policy are intended as general proof of identity.
I will consider signing your key with a certification level of 3 if the following conditions are met:
- You must request that I sign your key and provide me your key fingerprint.
- I know you in person by having maintained a continuous business or social relationship for at least the previous 12 months
- I have no reason to mistrust you and, in fact, I must have good reason to extend my trust to you. This factor is completely my decision and is final. No explanation is necessary and none should be expected.
- You prove to my satisfaction that your real legal name, including surname, is the same as listed in the UID Real name field of your key. This can be done by presenting a government-issued photo ID, such as a valid passport or driving license.
- You will then be given a challenge-response test as follows:
  - I will send an encrypted message to the address listed in the email field of your key including a unique string of no fewer than 10 characters.
  - You must then send this string to me using a mutually agreed upon trusted (secure) method such as Jabber communications using a previously verified OTR key, but preferably by an actual meeting in person.
  - You reply to my email with a signed message that asserts the following:
    - that the key is yours
    - the private part is under your sole control
    - the key will be kept safe and secure to the best of your knowledge and ability
    - your key has a strong passphrase
Note: It is possible that, in a rare situation which prevents all of the above conditions from being met, I might offer to sign your key with a temporary certification level of 2 until all of the above conditions can be fully satisfied.
Every signed key will be promptly uploaded to a public keyserver.
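The challenge-response test used by both policies above can be tracked with a small script. This is an added example, not part of the original policy or the author's own tooling: the `ChallengeLedger` class, its method names and the 16-character default are assumptions, and verifying the OpenPGP signature on the reply is left to GnuPG, with only the signing key's fingerprint passed in.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
MIN_LEN = 10                                  # policy floor: "no fewer than 10 characters"
CERT_LEVEL = {"virtual": 2, "real-life": 3}   # levels named in the two policies


def normalize_fpr(fpr: str) -> str:
    """Strip spaces/colons and upper-case so pasted fingerprints compare equal."""
    out = "".join(ch for ch in fpr if ch not in " :").upper()
    if len(out) not in (40, 64) or any(c not in "0123456789ABCDEF" for c in out):
        raise ValueError("not a full key fingerprint")
    return out


class ChallengeLedger:
    """Hypothetical helper: one outstanding challenge string per requested key."""

    def __init__(self):
        self._pending = {}    # fingerprint -> (challenge, policy)

    def issue(self, fpr: str, policy: str, length: int = 16) -> str:
        if policy not in CERT_LEVEL:
            raise ValueError("unknown policy")
        if length < MIN_LEN:
            raise ValueError("challenge shorter than the policy minimum")
        challenge = "".join(secrets.choice(ALPHABET) for _ in range(length))
        self._pending[normalize_fpr(fpr)] = (challenge, policy)
        return challenge      # goes only into the encrypted e-mail

    def verify(self, fpr: str, returned: str, statement_signed_by: str) -> int:
        """Return the certification level to use, or 0 if any check fails.

        `returned` is the string received over the second channel;
        `statement_signed_by` is the fingerprint GnuPG reported for the
        signature on the e-mailed statement.
        """
        key = normalize_fpr(fpr)
        entry = self._pending.pop(key, None)   # single use, pass or fail
        if entry is None:
            return 0
        challenge, policy = entry
        same = hmac.compare_digest(challenge.encode(), returned.strip().encode())
        signed = normalize_fpr(statement_signed_by) == key
        return CERT_LEVEL[policy] if same and signed else 0
```

A failed or repeated attempt consumes the challenge, so a new string has to be issued and e-mailed before the test can be retried.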
Revocation Policy
I may revoke my signature on your key if I no longer feel it is warranted. Do not expect warning, notice, nor an explanation, but a reason for revocation might include any of the following:
- your key was signed under an outdated policy
- I have any reason to no longer extend my trust to you
- the business or social relationship from which my trust was gained no longer exists
- I am unable to contact you using available contact information
- I have reason to believe that your key has been compromised.
Policy Dates
This policy is effective as of March 10, 2015.
Signature
This document has a digital signature which can be used to verify its authenticity.