-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
This policy is digitally signed by my key 5F993CAE starting from this line. Only when it verifies successfully the text is (very likely to be) identical to the version I composed.
This policy is valid for signatures created after 2006-07-22. (Look at "Change Log" for policies for signatures created before this date.)
I sign (almost) all e-mail I send digitally. So any e-mail, that seems to originate from me, but that is not signed with my digital key, can be considered to be forged in the first instance.
My actual key for signatures and encryption of e-mail and files is:
pub rsa4096 2018-05-16 AC91 7B95 D100 6A22 1BED 3C2E 0614 7FE5 5F99 3CAE uid Peter L. Smilde <smilde(a)terrasysgeo.com> uid Peter L. Smilde <peter.smilde(a)smilde-becker.net> uid Peter L. Smilde <smilde(a)terrasysgeo.de>
My previous key, which was revoked 2018-06-19, used for signing, was:
pub dsa1024 2002-10-23 [SC] [revoked: 2018-06-19] 4B63 016E DC04 56AE 7C86 7DA3 142B 50CE B0E4 BF99 uid Peter L. Smilde <smilde(a)terrasys.de> uid Peter L. Smilde <peter.smilde(a)smilde-becker.net> uid Peter L. Smilde <smilde(a)terrasysgeo.com>
The file which is linked to http://www.smilde-becker.net/pls/OpenPGP/5F993CAE-policy.txt is identical to this policy file; as any http://www.smilde-becker.net/pls/OpenPGP/XXXXXXXX-policy.txt files, where XXXXXXXX is the short KeyID of signing subkeys of this key.
I sign keys of people I know personally within a social context, after a possibly arbitrary reduced keysigning procedure (s. below), with signature class 3.
I sign keys of other people after the complete keysigning procedure (s. below) with signature class 2.
I sign keys of organizations (e.g. Certification Authorities, CA's) after a possibly arbitrary reduced keysigning procedure with signature class 0, when I have have checked that the organization (1) handles the key "carefully", (2) has an OpenPGP-policy similar to mine, (3) is publicly known under the name listed in the UID, (4) has published the key (fingerprint) officially, (5) has used the key on my request, and that (6) the fingerprint of this used key matches the fingerprint of the published key.
I never sign with signature class 1.
My actual key for key signatures is:
pub 1024D/FC796E69 2003-05-12 Key fingerprint = 1AC3 4A8B 5655 22AE 7E5C 1021 A17A E4D9 FC79 6E69 uid Peter L. Smilde (signature only) <peter.smilde_at_smilde-becker.net>
The file which is linked to http://www.smilde-becker.net/pls/OpenPGP/FC796E69-policy.txt is identical to this policy file.
Steps 4/5 can be combined by one of the participants and steps 5/6 by the other one.
Peter L. Smilde
2019-08-10
No changes in the procedure itself. Activated new key 5F993CAE and revoked key B0E4BF99.
No changes in the procedure itself, just changed XHTML tags for PGP attachments.
No changes in the procedure itself, just added a UID to key 5F993CAE.
No changes in the procedure itself, just changed formatting and added XHTML tags.
Added that the encryption of the returned "challenges" can be obligatory (step 4) or optional (step 4 and 6).
I have made no public signatures before, with a procedure that was conflicting with this version of the policy.
No changes in the procedure itself, only textual improvements:
I have made no public signatures before, with a procedure that was conflicting with this version of the policy.
Initial version.
I have made no public signatures before, with a procedure that was conflicting with this version of the policy.
This policy is digitally signed by my key 5F993CAE up to this line.
-----BEGIN PGP SIGNATURE----- iQKbBAEBCACFFiEEt8VuyvIPj4dJehwfjOtlTtl0HcUFAl1PR2I0Gmh0dHA6Ly93 d3cuc21pbGRlLWJlY2tlci5uZXQvcGxzL09wZW5QR1AvcG9saWN5LnR4dDIYaHR0 cDovL3d3dy5zbWlsZGUtYmVja2VyLm5ldC9wbHMvT3BlblBHUC9EOTc0MURDNQAK CRCM62VO2XQdxSIjD/9YWOHnJVqwf6GRrC2+wSLuGf2g4TaHAJGBJLLeR0PyxGES CXKTB85SE0RR1Xm3Nu6VmxG8v4DswvEnv+ew2O1DDmpi2fKuVzu6rqghxuNvUmIz u2WLsg3XMGQoryStnYNuND84YZR1fbSfknqkt94PYEdfI4QSish795GzjlyAoEDd ScxZA94CdkNv1srWQL+hwrn5LFJrkMV62yk9V/4g21msWpQS/dqI5VJ1JjK2Mnqc XXvOj1KMW6urWXwCx7BU7IlNgsajHd33tVfwJxsSRKUk/p06sdv7px2jRMTK70Mt 4UoUcX7obn83fAW+Ll+ywa4/hIoxTK0QpMZ9HFeZQNLWforCED6cpyZuhKc60wDN iP58tLZbnJ8jvfzNC5ln5yzwJD1AMwVl3XJkC+vmGEGEFuTjgZLOEJQixiWt/QW1 G8tW2BPddK1YBXrwG438LA9gyhQExm+2NQJUtakc76nRAnoUkqPncpIddiJ/JaP7 SmKkV2CvkDbE5NPip1fD9ow0/B3V6cEBWehC0mE6CZWOqAuOUXbQZCBpBufgtXOG V6I0t4THJTEUcb+5IkvFiQ30ZtPoEVpJEqLlq4ab/gNT6pwMMQuJ0JnR+H+LCtAU UJXZpTGOKNZVvnuX1E9wNXsZzjlIOSh8ISLNL4ingBR/7t99xXwNqWIeZ83+TA== =DTXI -----END PGP SIGNATURE-----