Key-signing policy for Martin Felix Krafft, OpenPGP key 55c9882d999bbcc4
========================================================================

Time stamp: 200907121833
Author contact: mail <@t> martin-krafft.net

Preamble
~~~~~~~~

This document establishes and presents the certification policy for OpenPGP keys. It applies to all key certification signatures made with the following key since 6 July 2009:

  pub   4096R/55C9882D999BBCC4 2009-07-06
        Key fingerprint = 2CCB 26BC 5C49 BC22 1F20 7942 55C9 882D 999B BCC4

This document is only valid if it appears signed by this key. Instructions to verify the policy document can be found further down.

Terminology
~~~~~~~~~~~

For the purpose of this document,

  * MYKEY will refer to the aforementioned 4096-bit RSA/OpenPGP key with fingerprint 2CCB 26BC 5C49 BC22 1F20 7942 55C9 882D 999B BCC4, created on 6 July 2009;
  * I, as the sole person capable and authorised to make key certification signatures with MYKEY, am henceforth known as the SIGNER;
  * a key may have any number of user IDs attached to it. Such a user ID will be referred to as a UID;
  * a person who is in control of an OpenPGP key with one or more UIDs that have one or more signatures made with MYKEY attached will henceforth be referred to as the SIGNEE;
  * that person's key shall be known as OTHERKEY;
  * the single signature, or set of signatures, made by MYKEY on a single UID of OTHERKEY shall be called a CERT.

Certification policy
~~~~~~~~~~~~~~~~~~~~

This certification policy differs from many of the policies used by other people in that SIGNER regards personal recognition of a person as paramount, and legal identity documentation as secondary.

SIGNER does not issue CERTs for keys that are shorter than 2048 bits.

According to this policy, a CERT certifies that

  1. SIGNER has known SIGNEE for a substantial period of time [0];
  2. SIGNER can identify SIGNEE without hints, and recall previous meetings;
  3. SIGNEE presented, in person, the full fingerprint of OTHERKEY, and SIGNER verified with that fingerprint that he was signing precisely OTHERKEY when issuing the CERT;
  4. SIGNER has established the identity of SIGNEE through a legal document of identification presented, in person, by SIGNEE, and the identity information on that document matched that of the UIDs signed. An internationally accepted travel document (such as a passport) yields signature level 3 rather than just 2 (see below);
  5. the document in (4.) included a representative photo of SIGNEE;
  6. the format of the document in (4.) was known to SIGNER at the time;
  7. the document in (4.) did not have any obvious signs of tampering;
  8. SIGNEE proved control over OTHERKEY, either by successfully decrypting the CERT before being able to import it (SIGNER never uploads to key servers directly), or by responding to a challenge with a message signed with OTHERKEY.

In the case of UIDs with e-mail addresses, the following is also certified:

  9. SIGNEE was able to receive the signature at the specified e-mail address at the time the signature was transmitted (shortly after it was made).

In the case of UIDs with comments that establish an affiliation, e.g. to a project, a company, or an institution, the following is also certified:

  10. SIGNER had no doubt at the time of signing that SIGNEE was affiliated with the identified project, company, institution, organisation, or other body or group. SIGNER will not issue a CERT if the use of the comment on the UID is not reasonable.

In the case of photo UIDs, the following is also certified:

  11. SIGNER was able to recognise SIGNEE in the photo UID, and recalled the meeting, as per (2.). The photo need not be identical to the photo in (5.).

CERTs on UIDs that do not contain an e-mail address will only be transmitted via e-mail to an address on another UID that SIGNER also certified. In particular, SIGNER never uploads CERTs to key servers directly.

[0] I think there is a fundamental problem in mass key-signings, which is why I do not sign keys by people I do not know. For more information, please read http://madduck.net/blog/2009.07.12:formalising-my-keysigning-policy/

Signature levels
~~~~~~~~~~~~~~~~

SIGNER uses signature levels to identify the level of the CERT:

  0. SIGNER never uses signature level 0;
  1. Level 1 indicates that no reliable verification was performed, e.g. because the CERT was given to a role, a certification authority, or an organisation; it is never used for signatures on personal keys;
  2. Level 2 is the default and indicates that SIGNER has no reservations issuing the CERT to SIGNEE;
  3. Level 3 indicates that SIGNEE presented SIGNER with an internationally accepted travel document (such as a passport).

Validity of CERTs
~~~~~~~~~~~~~~~~~

CERTs are only valid if they contain a policy URL to this document, or an earlier revision, which has been GPG-signed with MYKEY. The policy URLs have the format

  http://martin-krafft.net/gpg/cert-policy/55c9882d999bbcc4/[YYYYMMDDHHMM]?sha512sum=[SHA512SUM]

where [YYYYMMDDHHMM] is the time stamp down to the minute, and [SHA512SUM] is the SHA512 sum of the whole document, including the in-line signature.

Verification
~~~~~~~~~~~~

All CERTs have a certification policy URL embedded. Such URLs take the form:

  http://martin-krafft.net/gpg/cert-policy/55c9882d999bbcc4/[YYYYMMDDHHMM]?sha512sum=[SHA512SUM]

Remember that [YYYYMMDDHHMM] and [SHA512SUM] are templates (see above).

There are three steps to verifying the integrity and authenticity of the policy document. The `wget` command will download the document to a file named according to the time stamp template [YYYYMMDDHHMM]:

  1. wget -O "[YYYYMMDDHHMM]" "http://martin-krafft.net/gpg/cert-policy/55c9882d999bbcc4/[YYYYMMDDHHMM]?sha512sum=[SHA512SUM]"

  2. echo '[SHA512SUM]  [YYYYMMDDHHMM]' | sha512sum -c

     This step verifies that the document has not changed since the time the signature was made, and thus that the policy described is the policy that was actually in place at the time of the signing. (Note the two spaces between the checksum and the file name; that is the line format `sha512sum -c` expects.) Alternatives to `sha512sum` are `openssl dgst -sha512` and `gpg --print-md SHA512`.

  3. gpg --verify < [YYYYMMDDHHMM]

     This step verifies that the document itself is authentic and has been signed off by SIGNER.

If there are any doubts pertaining to the authenticity of a CERT, please do not hesitate to get in touch with SIGNER (contact information in the header of this document).

Credits
~~~~~~~

Thanks to Adrian von Bidder for the idea of using a certification policy in the first place, and the way to embed the checksum into the policy URL.

Thanks to Elmar Hoffmann for feedback on the initial version of this document.

Thanks to Tollef Fog Heen for insisting I use a stronger hash than MD5, even though I would never go through the trouble to rephrase my policy in such a way that the signed form would MD5-collide with the previous (signed) version. That would totally ruin my weekend. Anyway, Tollef will be held personally responsible for everything and all consequences when SHA512 gets broken.

Thanks to Manoj Srivastava for convincing me to revise the policy and requiring SIGNEE to prove control over OTHERKEY.

Revisions
~~~~~~~~~

A new revision of this policy replaces all earlier revisions, but obviously does not affect previous CERTs. The latest revision can always be downloaded from

  http://martin-krafft.net/gpg/cert-policy/55c9882d999bbcc4/current

Change log:

  200907121833  Incorporated feedback to blog post. Ready for use.
  200907062055  Initial version

Licence
~~~~~~~

You may use this document under the terms of the Artistic Licence 2.0.

Copyright © 2009 Martin F. Krafft
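The checksum half of the verification procedure above (step 2), as an added example that is not part of the signed policy: it parses a CERT's policy URL into its [YYYYMMDDHHMM] and [SHA512SUM] parts and checks a local copy of the document against the embedded sum, which is why a policy altered after signing fails the check even if the altered text were re-signed. The function names and the constructed stand-in document are this example's own; it assumes `sha512sum` (coreutils) or `shasum` (Perl) is installed.

```shell
#!/bin/sh
# Added example, not part of the signed policy: the checksum half of the
# verification procedure (step 2). The policy URL carried by a CERT commits
# to the SHA-512 of the exact signed bytes, so a modified policy fails even
# if someone re-signed it. Assumes sha512sum (coreutils) or shasum (Perl).

# Print "<timestamp> <sha512sum>" parsed from a URL of the documented form
# .../cert-policy/55c9882d999bbcc4/[YYYYMMDDHHMM]?sha512sum=[SHA512SUM]
policy_url_parts() {
    url=$1
    path=${url%%\?*}                 # drop the query string
    stamp=${path##*/}                # last path component: the time stamp
    sum=${url##*sha512sum=}          # value of the sha512sum parameter
    case $stamp in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "bad time stamp: $stamp" >&2; return 1 ;;
    esac
    case $sum in
        *[!0-9a-f]*|"") echo "bad sha512sum parameter" >&2; return 1 ;;
    esac
    [ ${#sum} -eq 128 ] || { echo "sha512sum has wrong length" >&2; return 1; }
    echo "$stamp $sum"
}

# Lowercase hex SHA-512 of a file, with whichever tool is installed.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then sha512sum "$1"
    else shasum -a 512 "$1"; fi | cut -d' ' -f1
}

# Succeed only if the local copy FILE has the checksum embedded in URL,
# i.e. the same test as `echo '[SHA512SUM]  [YYYYMMDDHHMM]' | sha512sum -c`.
verify_policy_copy() {
    parts=$(policy_url_parts "$1") || return 1
    [ "$(sha512_of "$2")" = "${parts#* }" ]
}

# Constructed demonstration: a stand-in for the signed policy text, the URL a
# CERT would carry for it, and the effect of changing a single byte.
demo() {
    doc=$(mktemp)
    printf 'constructed stand-in for the signed policy document\n' > "$doc"
    url="http://martin-krafft.net/gpg/cert-policy/55c9882d999bbcc4/200907121833?sha512sum=$(sha512_of "$doc")"
    verify_policy_copy "$url" "$doc" && echo "pristine copy: checksum matches"
    printf 'x\n' >> "$doc"
    verify_policy_copy "$url" "$doc" || echo "altered copy: checksum mismatch"
    rm -f "$doc"
}
demo
```

Step 3 (`gpg --verify`) still has to follow: the checksum only proves the bytes match the URL, and the signature proves who wrote them.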