OpenPGP - Policy
------------------
http://www.smilde-becker.net/pls/OpenPGP/policy.txt

Digital e-mail/file signatures:
-------------------------------
I digitally sign (almost) all e-mail I send. So any e-mail that seems to
originate from me but that is not signed with my digital key should be
considered to be forged.

My actual key for signatures and encryption of e-mail and files is:

pub  1024D/B0E4BF99 2002-10-23
     Key fingerprint = 4B63 016E DC04 56AE 7C86 7DA3 142B 50CE B0E4 BF99
uid  Peter L. Smilde
uid  Peter L. Smilde
sub  1024g/539BDAA1 2002-10-23
sub  1024R/A725B012 2005-04-01
sub  1024R/7BBC5696 2005-04-01
(http://www.smilde-becker.net/pls/OpenPGP/B0E4BF99)

Keysigning signatures:
----------------------
I sign keys of people I know personally within a social context, after a
possibly arbitrarily reduced keysigning procedure (see below), with
signature class 3.

I sign keys of other people after the complete keysigning procedure (see
below) with signature class 2.

I sign keys of organizations (e.g. Certification Authorities, CAs) after a
possibly arbitrarily reduced keysigning procedure with signature class 0,
when I have checked that the organization
(1) handles the key "carefully",
(2) has an OpenPGP-policy similar to mine,
(3) is publicly known under the name listed in the UID,
(4) has published the key (fingerprint) officially,
(5) has used the key on my request, and that
(6) the fingerprint of this used key matches the fingerprint of the
    published key.

I don't sign with signature class 1.

My actual key for key signatures is:

pub  1024D/FC796E69 2003-05-12
     Key fingerprint = 1AC3 4A8B 5655 22AE 7E5C 1021 A17A E4D9 FC79 6E69
uid  Peter L. Smilde (signature only)
(http://www.smilde-becker.net/pls/OpenPGP/FC796E69)

Keysigning procedure:
---------------------
1 - Exchange fingerprints of the keys to be signed.
2 - Check fingerprints, UIDs, identity card/passport.
3 - Exchange "challenges" (random text) on a slip of paper.
4 - Send these "challenges" signed (with all keys to be signed, if
    possible) and encrypted back by e-mail.
5 - Exchange encrypted new "challenges" by e-mail (to all UIDs to be
    signed, if possible).
6 - Send these new "challenges" encrypted back by e-mail.
7 - If everything is OK: send signed key to its owner by e-mail.

Steps 4/5 can be combined by one of the participants and steps 5/6 by the
other one.

--
Peter L. Smilde 2005-06-30
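
Added example (not part of the original policy or its author's tooling): a small Python check for step 2 of the procedure and for condition (6), comparing the fingerprint written down in step 1 against the key listing actually received. The function names are hypothetical; the sample listing is constructed from the key data shown in the policy.

```python
import hmac
import re

# Constructed sample: the first key listing as printed in the policy text.
LISTING = """\
pub  1024D/B0E4BF99 2002-10-23
     Key fingerprint = 4B63 016E DC04 56AE 7C86 7DA3 142B 50CE B0E4 BF99
"""


def normalize(fpr):
    """Strip spaces/colons, upper-case, and insist on a 160-bit (v4) fingerprint."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a 40-hex-digit v4 fingerprint: %r" % fpr)
    return cleaned


def parse_listing(text):
    """Return (short_key_id, fingerprint) from a gpg 1.x style 'pub' listing."""
    pub = re.search(r"^pub\s+\d+[A-Za-z]/([0-9A-Fa-f]{8})\b", text, re.M)
    fpr = re.search(r"Key fingerprint\s*=\s*([0-9A-Fa-f ]+)", text)
    if not pub or not fpr:
        raise ValueError("listing lacks a pub line or a fingerprint line")
    return pub.group(1).upper(), normalize(fpr.group(1))


def check_key(listing, fingerprint_from_paper):
    """True only if the received key matches the fingerprint exchanged in person."""
    key_id, fpr = parse_listing(listing)
    # The 8-digit key ID is just the last 32 bits of the fingerprint. It must
    # be consistent with the fingerprint, but is never accepted on its own.
    if not fpr.endswith(key_id):
        return False
    # Compare the full 160 bits against what was written down in step 1.
    return hmac.compare_digest(fpr, normalize(fingerprint_from_paper))


if __name__ == "__main__":
    paper = "4b63 016e dc04 56ae 7c86 7da3 142b 50ce b0e4 bf99"
    print("sign" if check_key(LISTING, paper) else "do not sign")
```
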