GPG-Signed version of the document available at gpg/key-signing-policy.mdwn.asc.
Changelog
1.1 - 2011/04/26
- Adds Signature Level 2
- Adds Policy Design Notice
- Adds name normalization rule reference
- Adds Reference Section
1.0 - 2011/04/22
- Initial release of policy.
Definitions
SIGNER: Thomas Harning Jr
SIGNEE: person or other entity receiving key signature services
SIGNEE KEYS: keys and associated UIDs SIGNEE to be signed
SIGNATURE LEVEL: level of identity authentication assigned to signed SIGNEE KEYS
STANDARD SIGNING: standard signing process requiring a specified level of authentication in order to obtain a specific level of signature.
ACCELERATED SIGNING process in which authentication level is reduced due to prior engagement.
SIGNER KEY
Used until superceded/compromised/etc
NOTE: Email mangled to avoid email scanning.
sec# 3072R/B1DBAD54 2011-04-19
Key fingerprint = 2F0A FF2E A8A0 1485 C95B 8650 F0A4 C0F7 B1DB AD54
uid Thomas Harning Jr <harningt -ZAT- gmail -ZOT- com>
Available at gpg/B1DBAD54.gpg or via key servers (published directly to hkp://keys.gnupg.net)
Policy Design Notice (v1.1)
This policy is designed to carry version information with it to permit reasonable analysis of past-issued signatures and future signatures that may be made. Each section added/strongly modified will have version information attached in the form (vVERSION), as well as near minor additions where practical.
When a key is signed, the url will reference this document with the version in the fragment identifier (portion after '#') to allow identification of which version of the key signing policy was used to perform the signature. For example, a key signed 2011/04/26 would have the url:
http://www.eharning.us/gpg/key-signing-policy/#v1.1
If a section of text needs to be deleted from a future version, the general design policy will be to move the content into a lower "legacy" section to segregate it from the main body of active policy.
SIGNER Location
SIGNER is in the vicinity of Fort Wayne, Indiana, USA. The easiest way to obtain key signature services is to negotiating a public meeting place to exchange documents.
STANDARD SIGNING
Currently defined are requirements for Level 3 and Level 2 (v1.1) signatures.
As a standard rule for any signing I perform, I expect mutual signatures be performed. Level 1 (0x11 - no check) will not be considered an accepted mutual signature, a Level 0 (0x10 - generic) would be considered however since it does not imply that there was no authentication performed.
For conflicting information regarding the name in a UID, I will follow the guidelines outlined in http://wiki.cacert.org/PracticeOnNames based on http://www.cacert.org/policy/AssurancePolicy.php#2.1 as presented on the page as of 2011/04/26 for resolution.
SIGNATURE LEVEL: Level 3 - 0x13 - Careful Check
Prior to meeting, the SIGNEE must provide me with a means to obtain the SIGNEE KEYS to be signed. This may be via email, web page reference, or key server reference.
At the meeting, the SIGNEE must prove identity by means of identity card, passport, or driver's licence. The SIGNEE must also provide a copy of the SIGNEE KEYS fingerprints and UIDs to be signed.
Alternatively, the SIGNEE's identity may be considered validated by verbal confirmation by an individual I have known personally for least a year.
To authenticate the SIGNEE's ownership of the SIGNEE KEYS, I will send the signatures on the keys encrypted with one of the subkeys capable of encryption. If none is available, other arrangements may be made.
Any photo UIDs will be signed if they are representative of the SIGNEE. No photo UIDs with logos or that look considerably different than the SIGNEE will be signed.
SIGNATURE LEVEL: Level 2 - 0x12 - Casual Check (v1.1)
"Casual Checks" require less authentication than "Careful Checks" and can be used to help initiate the construction of a web-of-trust. Two methods are currently authorized for performing "Casual Checks":
- Detailed scan of United States Passport or State Identification Card
- PayPal-based exchange
To authenticate using a detailed scan of a United States Passport or State Identification Card:
- Create a detailed photo-copy of the form(s) of identification you wish to use.
- Handwrite your email address and key IDs on the copy and hand-sign it
- Scan this new document (preferably to a PDF or Jpeg) and prepare it as a digitally signed email or file using the key ID you wish to use
- Email it to harningt AT gmail DOT com
To authenticate using a PayPal-based exchange of money:
- Send me $1 USD to my PayPal account using "harningt AT gmail DOT com" as the email address to send funds to.
- In the 'Subject' field, let me know you wish key signing.
- In the 'Message' field, give account matching email address and key ID
- Send a separate email to the address signed with the key ID to be signed.
- After I have received these, I will send back the $1 and the signed key.
No photo UIDs will be signed with the currently stated Level 2 authentication mechanisms.
ACCELERATED SIGNING
The process of ACCELERATED SIGNING may be performed in a few cases:
- SIGNEE KEYS are superceded
- SIGNEE has additional SIGNEE KEYS to be signed
- SIGNER KEY is revoked
Since ACCELERATED SIGNING is a process by which authentication level is reduced within the context of trust of prior encounters, judgement is reserved for following through with the process. Following are some example factors that may be used in the judgement process:
- The SIGNEE KEYS must not have been revoked as:
- Compromised - no trust can be given to SIGNEE KEY signatures
- Lost - cannot receive SIGNEE KEY signature
- Signature revocations on SIGNEE KEYS will be considered within the context of the "trust" level associated with given 3rd party
- Subset of email addresses for UIDs of SIGNEE KEYS should be reachable
ACCELERATED SIGNING will almost always require the usage of a prior signed SIGNEE KEY to provide a chain-of-trust.
ACCELERATED SIGNING may also affect the SIGNATURE LEVEL applied to the SIGNEE KEYS.
Delivery of Signatures
Signature data will be encrypted using an associated encryption key of the SIGNEE KEYS and sent to the associated emails in the following way:
- Any non-email UIDs will be sent along with all of the emails
- If no email UIDs are to be signed, then an alternate contact email will be used.
- If an email bounces, a warning email will be sent to the other available addresses, expecting SIGNEE to fix the problem and respond for retry. At most three attempts will be made, until either email does not bounce or SIGNEE cancels signature on the failing UID
- If a response is recieved that a signature was not requested, a warning email will be sent to the other available addresses requesting clarification. If no satisfactory clarification is made, the specific UID signature is revoked due to lack of proof-of-ownership of the email address.
Email Contact Policy
At any time a SIGNEE may request any the following policies take place:
- SIGNER may not initiate contact, such for SIGNER KEY revocation
- SIGNER may not use ACCELERATED SIGNING process for authentications
- SIGNER may not respond to any communications from SIGNEE
- SIGNER may not change policies in place except on some authorization condition (ex: passcode in email)
References / Attribution
Addition of Level 2 - Casual Check
For version 1.1 of the document, I borrowed the general rules for casual signatures from Aaron Toponce's Key Signing Policy.