-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I, the holder of the OpenPGP key 0x1BD95BD9E18474D1, hereby describes the policy I apply when certifying other OpenPGP public keys. Certification levels ==================== As per RFC 4880 §5.2.1 [1], User IDs can be certified using four distinct levels, which are dubbed “generic” (level 0x10 in GnuPG manuals), “persona” (level 0x11), “casual” (level 0x12), and “positive” (level 0x13) [1]. Here is how I appreciate and use these levels, specified by octet in the certification level when signing a key: 0x11: Persona certification of a User ID and Public-Key packet. If I have have not done any verification of the claim that the owner of this key is the User ID specified. I rarely sign keys under this level. 0x12: Casual certification of a User ID and Public-Key packet. I've done some casual verification of the claim of identity. I use this level if the user does not disclose it's full name in the Public-Key packet, but will sign it under 0x12 if it does contain a photo. 0x13: Positive certification of a User ID and Public-Key packet. I've done substantial verification of the claim of identity. Including a check of government issued ID, and check of the fingerprint of the Public-Key packet. The user may choose conceal irrelevant Personal Identifiable Information (PII) or Sensitive Personal Information (SPI) from it's governemnt ID. Such as the place of birth, date of birth, and social security number. With the exception of expire date, photo, and fullname. Signature distribution ====================== As an additional method of verification, signatures are only sent encrypted by email to the email address specified by the Public-Key packet. The keyholder is responsible for decrypting the message in order to use, or upload the signature. Trust signatures ================ I don’t emit “trust signatures” (RFC 4880 $5.2.3.13). [1] http://tools.ietf.org/html/rfc4880#section-5.2.1 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjdzMdSiCv40DjxuRBVLysjo0FNYFAlyNN8MACgkQBVLysjo0 FNZzbg//WzisOd5dbTNi4hIIw/Qjp8pOCgkdGg8NkVyU90a4U0+gL1lWkrzRApbf +D3x7BqSQW4GLugQPnCYEOmOC1ht98j+9iB/W6eSDrezNILdzBbwTBT/g0JeBhCO aQEalSIGPLANisgzwyLq6Ij6v1GWEFrGVehoJpWiCz7KR3rdFs0t5nDbWt3EjRd/ 5/WTTHVx5i7DJxzbNImiZ0OIYzky23F7XqpFj6K8s5bdWJMuXxpxUheU/fvG/vWd ekmBsvvmbtyZE+bFUYMmUOuBGrkaL7F66LPmf4TRZWKyhPZEw+/9fyBGJZVt3qkT gVbr1UuuUY2TCzzIn0w5Uv1N4P9XCiNfJnjsVG0Z2AH8IEA7tk8I5pif+xvdQOSY bv87SKsV/S/7V8fhlCdhmQMp8RcVmp5ebv9YZNa+xGCOaQ1JVTo9pD9oGAE4UjkC ZNKdGrqOgNBNWYd+qB3ldlmP4OaJLxbEIwRnPUZlZdLLepRTi7YsdH/aXFqi7UWv 0FOQmsr3KeMY7ElmfJuE3nDjbDujYJDanYbx80SKUVTcFXFgMjGchQLo3A6Wug7D fk4UwbwHY3/YgVKnh2HI3ER7YWNaBNgxyf3cqlPUUsSb3g7vL7D7PUdE2BJmbq+6 hqH4WU2o3c77RYXdMEa/y9EnVePEnv7TIDySl07sfQ0yl1zKlHQ= =p+Xu -----END PGP SIGNATURE-----