The signee (the key owner who wishes to obtain a
signature to his/her key from me, the signer) must
make his/her OpenPGP key available on a publicly accessible
keyserver (see above for example keyservers). Furthermore,
for totally unknown persons, there must already be a signature
path from me to their keys. To examine the path you should have
a look at the section below. People wishing to enter the
so-called "strongly connected set" should do so through better
authentication, if possible through someone they know
The signee must prove his/her identity to me by
way of a valid identity card or passport.
These documents must feature a photographic picture of the
signee. No other kind of documents will be accepted.
For people from outside the European Union I will check
the passport (a driving license or simple id cards will
not be sufficient since I assume a high risk
of fraud). Exceptions may be made if there is a good reason
for me to do so.
The signee should have prepared a strip of paper
with a printout of the output
gpg --fingerprint 0x12345678
(or an equivalent command if the signee does not
use GnuPG) where
0x12345678 is the key ID of
the key which is to be signed.
A handwritten piece of paper featuring the fingerprint and
all UIDs the signee wants me to sign will also be
The above must take place under reasonable circumstances (i.e.
ourselves not being in a hurry, exchanging key data at a calm
place and so on).
I prefer to have keys cross-signed so it does not make sense
to ask me for signing keys if the signee is not willing to sign mine.