1. Preamble
2. Location
3. Prerequisites for signing
4. The act of signing
5. Levels of signatures
6. Trace the path to my keys
7. Links
8. Changelog
9. License

This policy is valid for all signatures made by the following GnuPG keys:

pub  2048R/AFD42D45 2001-01-04 Olaf Gellert 
     Key fingerprint = 8971 460E 813B 1FE0  6D7D 6D11 1D3B 7D5A
	  

This key will always be available on this page but the most current versions can usually be fetched from keyservers like pgp.zdv.uni-mainz.de, blackhole.pca.dfn.de or keyserver.kjsl.com. You can get my key 0xAFD42D45 here.

This policy was originally written on 2004-03-29 and will be followed from this date on but it may be replaced with a new version at any time. Content and structure of this document are strongly based on the GnuPG Key Signing Policy of Marcus Frings (which in turn was based on the OpenPGP Key Signing Policy of Marc Mutz and Jörgen Cederlöf) but have been slightly modified from the original sources.

I live in Hamburg (Germany) and I am open to sign keys at any time. The easiest way for verifying keys would be to meet me here in Hamburg. Another opportunity to get in personal contact would be to see me at certain computer related events (CeBIT, FIRST conference, and so on). I am also listed at biglumber.com, a webpage about key signing coordination.

The signee (the key owner who wishes to obtain a signature to his/her key from me, the signer) must make his/her OpenPGP key available on a publicly accessible keyserver (see above for example keyservers). Furthermore, for totally unknown persons, there must already be a signature path from me to their keys. To examine the path you should have a look at the section below. People wishing to enter the so-called "strongly connected set" should do so through better authentication, if possible through someone they know personally.

The signee must prove his/her identity to me by way of a valid identity card or passport. These documents must feature a photographic picture of the signee. No other kind of documents will be accepted.

For people from outside the European Union I will check the passport (a driving license or simple id cards will not be sufficient since I assume a high risk of fraud). Exceptions may be made if there is a good reason for me to do so.

The signee should have prepared a strip of paper with a printout of the output

gpg --fingerprint 0x12345678

(or an equivalent command if the signee does not use GnuPG) where 0x12345678 is the key ID of the key which is to be signed. A handwritten piece of paper featuring the fingerprint and all UIDs the signee wants me to sign will also be accepted.

The above must take place under reasonable circumstances (i.e. ourselves not being in a hurry, exchanging key data at a calm place and so on).

I prefer to have keys cross-signed so it does not make sense to ask me for signing keys if the signee is not willing to sign mine.

After having received (or exchanged) the proof detailed in the above I will sign the signee's piece of paper myself to avoid fraud.

At home I will send one e-mail to each of the mail addresses which are listed in the UIDs which I was asked to sign. These verification mails contain random strings and will be encrypted to the public key whose fingerprint is printed on the sheet.

Upon reception of encrypted and signed replies I will check the returned random string for equality with what I sent.

UIDs which pass the above test are going to be signed. If one of the UIDs fails the test a warning will be sent to one of the other mail addresses and the procedure will be halted until a satisfactory explanation has been received or the procedure has been cancelled by the signee.

The signed keyblock will then be uploaded to a randomly chosen set of keyservers. The signee can get it from there or choose to receive it through mail instead. It should be obvious that I expect the signee to sign my keys without any avoidable delay. The signee can either upload my keys to a keyserver or send it back to me by e-mail.

Depending on the character of the key which is to be signed by me I will use different levels of signatures:

Level 3

A level of 3 is given to sign-and-encrypt keys which successfully pass all the checks: I have met the signee, I have verified his/her identity card and fingerprint and his/her reply to my verification mails (being sent to the UIDs) has been correct. These signatures are the strongest in my web of trust.

Level 2

A level of 2 is given to sign-only keys. Usually their UIDs are of the type "Firstname Lastname" and not "Firstname Lastname <user@mailaddress.invalid>" which means that I can't (automatically) send verification mails to them. Besides encryption can't be used for these keys as they are sign-only. Please note that although these keys only get a level of 2 I have met the signee in real life and successfully verified his/her fingerprint and identity card.

Level 1

A level of 1 will never be used by me for it weakens the web of trust in my opinion. I have never signed keys without appropriate verification and I will never do so in the future.

Level 0

A level of 0 is given to keys belonging not to persons but to groups or organisations. Usually it is difficult to proof the relationship between the person identified and the organisation so these signatures are the weakest in my web of trust.

You can use the pathfinder of http://skylane.kjsl.com/~jharris/ which gives you a simple text printout:

If you like graphics you surely want to try out Jörgen's Wotsap:

Here are some links which you may find useful or interesting:

Version 1.0.0, 2004-03-29: Initial Release.

Copyright (c) 2004 Olaf Gellert.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.