-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA Policy - Enrico Scholz

This document describes the CA policy for GPG signatures

* which point to this page, and
* which are created by Key [1]0x0D001429 (Fingerprint: 6FDE A4DD 4B7D 8DA1 D3D5 E03F BC91 6AF4 0D00 1429), owned by Enrico Scholz.

Key-Security

I use subkeys for signing mails and documents and for encryption. Only the main key is used for signing other keys.

Key 0x0D001429

The signing key is stored only on a CD-ROM and, since 2007, on an encfs-encrypted USB stick; both are mounted on demand. Signing itself happens on a machine which was and is connected to the network before and during the signing; hence, attacks by viruses or trojans cannot be excluded.

Cert-Levels

I will use the following cert-levels for signing other people's (short: signee) keys:

Level 0
  This level will not be used by me.

Level 1
  This level will not be used by me.

Level 2
  This level will be used by me when I have casually verified the identity of the signee. This means:
  + I knew the signee and saw him/her physically
  + I asked the signee face-to-face or during a telephone conversation for the fingerprint of his/her key
  + I verified the plausibility of the key (see below)
  + I verified the email address(es) associated with the key (see below)

Level 3
  This level will be used by me when I have extensively verified the identity of the signee. This means:
  + I saw the owner of the key physically
  + I saw a hard-to-forge document with a photo ID. This document MUST be valid at the time of verification.
  + I verified that the owner of the key is the person shown on the photo ID
  + I verified that the name of the signee matches the name in the document
  + I asked the signee face-to-face for the fingerprint of his/her key, or he/she verified the fingerprint
  + I verified the plausibility of the key (see below)
  + I verified the email address(es) associated with the key (see below)

Common to all cases is that the user ID (short: uid) associated with the key(s) must be plausible. This means:

* The uid MUST be associatable with the name of the signee
* The uid MUST contain the first name and the surname of the signee. Abbreviations are not allowed
* Secondary forenames can be abbreviated
* The whole uid MUST sound like a reasonable full name
* Nicknames can be part of the user ID but must be clearly recognizable as such
* Transliterations of umlauts (e.g. "oe" instead of "ö") are accepted

The email address(es) associated with the key will be verified by:

* Encrypting the signed key with the key itself
* Sending this message to the email address from the key
* Not uploading the signed key to a key server
* When a key has several uids/email addresses, my signature is sent to every email address, but each message contains only the uid associated with that email address.

Links

1. http://gpg-keyserver.de/pks/lookup?search=0x0D001429&op=vindex

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iQEVAwUBRgUO0wc3PX/XHFA7AQruKwgAzyDS3o1lPho0gBSad7EzEeArJNNon5J6
1SFiZ3XCVZMDHesfAxQutVp5YiJca6UJWZLuSskZpgynYF7A1zudL8w1HaYozXV+
+pzpddX5v/4ZQ7QlCR2NkVp1q3mQWqFJJKBLkySfmoRqyJFxFJ20XdqrMPX6tyL+
6tpCGFuwTbQWOaXkHt4TdCc/uHxcomsxmVXJU0/TToWpzW1aZLDc1+pNci2aSWDC
hmvOS6DNG/7U+h6XiVSs/8/mk7LaxGiFfVJBiDTJiXOJ6NJU64r3rQ8RkK0Gc8sl
uTDYGMNihvBHijyvH0xoaGRfXV1iUHMeJnjzhR5Kfe1dCW31GCRjGQ==
=HKMO
-----END PGP SIGNATURE-----
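The policy's "plausibility of the key" and uid rules, written out as checks. This is an added example and not Enrico Scholz's own tooling: it uses the fingerprint and key ID printed on the policy page to show that a short (0x0D001429) or long key ID is simply the tail of the full fingerprint, so a fingerprint read out by the signee can be checked against the advertised key ID; and it applies the uid rules (first name and surname present and unabbreviated, secondary forenames may be abbreviated, nicknames only when clearly marked, umlaut transliteration accepted) to a "Forename Surname (comment) <mbox>" uid and to the name on the signee's ID document. How the rules are encoded (quoted tokens count as marked nicknames, the uid must have exactly as many name parts as the document) is this example's interpretation of the policy's wording, and the sample uids are constructed.

```python
import re
import unicodedata

# Fingerprint and key ID exactly as printed on the policy page.
POLICY_FINGERPRINT = "6FDE A4DD 4B7D 8DA1 D3D5 E03F BC91 6AF4 0D00 1429"
POLICY_KEY_ID = "0x0D001429"

# Umlaut transliterations the policy explicitly accepts.
UMLAUT_MAP = {"ä": "ae", "ö": "oe", "ü": "ue", "ß": "ss"}

# "Forename Surname (comment) <mbox>"; comment and mbox are optional.
UID_RE = re.compile(
    r"^(?P<name>[^(<]+?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]+)>)?$")


def normalize_fingerprint(fpr: str) -> str:
    """Drop spaces/colons, upper-case, and insist on a 40-hex-digit v4 fingerprint."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError(f"not a 40-hex-digit OpenPGP v4 fingerprint: {fpr!r}")
    return cleaned


def fingerprint_matches_key_id(fpr: str, key_id: str) -> bool:
    """An OpenPGP v4 key ID is the low 64 (long) or 32 (short) bits of the
    fingerprint, so the key ID must be the tail of the fingerprint."""
    full = normalize_fingerprint(fpr)
    kid = re.sub(r"^0X", "", key_id.upper())
    if not re.fullmatch(r"[0-9A-F]{8}|[0-9A-F]{16}", kid):
        raise ValueError(f"key ID must be 8 or 16 hex digits: {key_id!r}")
    return full.endswith(kid)


def parse_uid(uid: str) -> dict:
    """Split a uid into its name, optional comment and optional email parts."""
    m = UID_RE.match(uid.strip())
    if not m:
        raise ValueError(f"unparseable uid: {uid!r}")
    return {"name": m["name"].strip(), "comment": m["comment"], "email": m["email"]}


def _name_tokens(name: str) -> list:
    """Split a name into words; double-quoted tokens are nicknames, which the
    policy allows as long as they are clearly recognizable, so they are dropped."""
    return [t for t in re.findall(r'"[^"]*"|\S+', name) if not t.startswith('"')]


def name_plausibility_issues(name: str) -> list:
    """Return the policy rules the name part of a uid violates ([] if none)."""
    issues = []
    tokens = _name_tokens(name)
    if len(tokens) < 2:
        return ["uid must contain both a first name and a surname"]
    for label, tok in (("first name", tokens[0]), ("surname", tokens[-1])):
        if tok.endswith(".") or len(tok) < 2:
            issues.append(f"{label} must not be abbreviated: {tok!r}")
    for tok in tokens:  # letters, hyphen/apostrophe, optional trailing dot
        if not re.fullmatch(r"[^\W\d_](?:[^\W\d_]|['\-])*\.?", tok):
            issues.append(f"token does not look like part of a name: {tok!r}")
    return issues


def _canon(token: str) -> str:
    """Lower-case, transliterate umlauts and strip other accents, so that the
    uid "Joerg Mueller" is associatable with the document name "Jörg Müller"."""
    t = token.lower()
    for umlaut, ascii_form in UMLAUT_MAP.items():
        t = t.replace(umlaut, ascii_form)
    t = unicodedata.normalize("NFKD", t)
    return "".join(c for c in t if not unicodedata.combining(c))


def uid_matches_document_name(uid_name: str, document_name: str) -> bool:
    """First name and surname must match exactly (after transliteration);
    secondary forenames may be abbreviated to their initial."""
    u = [_canon(t) for t in _name_tokens(uid_name)]
    d = [_canon(t) for t in document_name.split()]
    if len(u) < 2 or len(u) != len(d) or u[0] != d[0] or u[-1] != d[-1]:
        return False
    for ut, dt in zip(u[1:-1], d[1:-1]):
        initial = ut.rstrip(".")
        if ut != dt and not (len(initial) == 1 and dt.startswith(initial)):
            return False
    return True


def check_uid(uid: str, document_name: str) -> list:
    """All uid checks the policy lists, against the name on the photo ID."""
    parts = parse_uid(uid)
    issues = name_plausibility_issues(parts["name"])
    if not uid_matches_document_name(parts["name"], document_name):
        issues.append("uid name is not associatable with the name on the ID document")
    if not parts["email"]:
        issues.append("uid carries no email address to verify")
    return issues


if __name__ == "__main__":
    print(fingerprint_matches_key_id(POLICY_FINGERPRINT, POLICY_KEY_ID))
    # Constructed uid and document name; the nickname is quoted, the umlauts transliterated.
    print(check_uid('Joerg "jm" Mueller <joerg@example.org>', "Jörg Müller"))
```

Checking the key ID against the fingerprint catches the common mistake of comparing only the 8 hex digits a keyserver listing shows; the policy's own numbers are consistent, which is what the first check confirms.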
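The email verification procedure the policy describes (encrypt the signed key to the key itself, mail it to the address from the uid, never upload it to a key server, and send each address only its own uid), as an added example that is not the author's own tooling. It assumes GnuPG 2.1 or later on PATH (for the `--export-filter keep-uid` option), a sendmail-compatible binary, and placeholder key ID, addresses and sender; the `--with-colons` listing it parses is constructed for the example.

```python
import subprocess
from email.message import EmailMessage

# Constructed sample of `gpg --with-colons --list-keys` output for a
# placeholder key (not the policy author's key): three uids, the second
# of which is revoked ("r" in the validity field) and must be skipped.
SAMPLE_COLONS = """\
pub:-:2048:1:0123456789ABCDEF:1500000000:::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:-::::1500000000::AAAA::Alice Example <alice@example.org>::::::::::0:
uid:r::::1500000000::BBBB::Alice Example <old@example.net>::::::::::0:
uid:-::::1500000000::CCCC::Alice Example (work) <alice@example.com>::::::::::0:
"""


def uid_mboxes_from_colons(colons: str) -> list:
    """Extract the email address of every usable uid from --with-colons output.
    Record type is field 1, validity field 2 ('r' revoked, 'e' expired),
    the user ID string field 10."""
    mboxes = []
    for line in colons.splitlines():
        f = line.split(":")
        if len(f) > 9 and f[0] == "uid" and f[1] not in ("r", "e"):
            uid = f[9].replace("\\x3a", ":")  # gpg escapes colons inside fields
            if "<" in uid and uid.endswith(">"):
                mboxes.append(uid[uid.rindex("<") + 1:-1])
    return mboxes


def list_key_colons(key_id: str) -> str:
    """Ask the local gpg for the key's records (requires gpg on PATH)."""
    return subprocess.run(["gpg", "--batch", "--with-colons", "--list-keys", key_id],
                          check=True, capture_output=True, text=True).stdout


def export_single_uid_cmd(key_id: str, mbox: str) -> list:
    """gpg argv exporting key_id with only the uid whose mbox matches, so the
    signee receives exactly the signature for the address being proven."""
    return ["gpg", "--batch", "--armor",
            "--export-filter", f"keep-uid=mbox = {mbox}",
            "--export", key_id]


def encrypt_to_key_cmd(key_id: str) -> list:
    """gpg argv encrypting stdin to the signee's key. --trust-model always is
    needed because the key is, by definition, not yet trusted locally."""
    return ["gpg", "--batch", "--armor", "--trust-model", "always",
            "--recipient", key_id, "--encrypt"]


def build_message(sender: str, mbox: str, key_id: str, ciphertext: bytes) -> EmailMessage:
    """Wrap the encrypted export in a mail addressed only to that uid's address."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = mbox
    msg["Subject"] = f"Your key {key_id}: my signature on the uid for {mbox}"
    msg.set_content(
        "Attached is your key carrying my signature on the uid for this address.\n"
        "It is encrypted to your key and has NOT been uploaded to a key server;\n"
        "import it and publish it yourself if you want the signature to be public.\n")
    msg.add_attachment(ciphertext, maintype="application", subtype="octet-stream",
                       filename=f"{key_id}.{mbox}.asc")
    return msg


def send_signature(key_id: str, mbox: str, sender: str) -> None:
    """Export one uid, encrypt it to the key, and hand the mail to sendmail."""
    exported = subprocess.run(export_single_uid_cmd(key_id, mbox),
                              check=True, capture_output=True).stdout
    encrypted = subprocess.run(encrypt_to_key_cmd(key_id), input=exported,
                               check=True, capture_output=True).stdout
    msg = build_message(sender, mbox, key_id, encrypted)
    # -t: recipients from the headers; -oi: a lone "." line does not end input.
    subprocess.run(["sendmail", "-t", "-oi"], input=bytes(msg), check=True)


def send_all(key_id: str, sender: str) -> None:
    """One mail per usable uid, each containing only that uid's signature."""
    for mbox in uid_mboxes_from_colons(list_key_colons(key_id)):
        send_signature(key_id, mbox, sender)


if __name__ == "__main__":
    import sys
    # Placeholder usage: send_all("0x0123456789ABCDEF", "keysigner@example.org")
    send_all(sys.argv[1], sys.argv[2])
```

Because only the holder of the private key can decrypt the mail and only the reader of that mailbox receives it, a signature that later shows up on a key server proves that the signee controlled both the key and the address; the signer never uploads anything.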