GnuPG Key Signing Policy of markus reichelt

v1.3.5, last modified: 2010-08-31

stylesheet: [green] [black]

Content

1. Preamble
2. Validity
3. Location
4. Prerequisites for signing
5. The act of signing
6. Signing requests of transitions to new keys
7. Levels of signatures
8. Finding a path of trust
9. Changelog
10. License

Preamble

This policy is valid for all signatures made by the following first four GnuPG keys:

pub  3072D/EE8D363D16879738 2009-07-02 Markus Reichelt <mr!mareichelt.de>
uid                            markus reichelt <mr!kleingeschrieben.de>
uid                            Markus Reichelt <markus.reichelt!gmx.net>
uid                            Markus Reichelt <mr!mareichelt.com>
uid                            Markus Reichelt <ml!mareichelt.com>
uid                            Markus Reichelt <ml!mareichelt.de>
uid                            Markus Reichelt <mr!fsfe.org>
uid                            Markus Reichelt <reichelt!antaris-organics.com>
uid                            [jpeg image of size 15158]
sub  3072D/C2AC3984 2009-07-02
sub  4096g/79BC3AD6 2009-07-02
sub  4096R/759950E6 2009-07-02
sub  4096R/B6ABBE1B 2009-07-02
sub  4096R/8F2FD913 2009-07-02
 Fingerprint: DCB3 281F 38B0 711A 41C0  DC20 EE8D 363D 1687 9738    view stats


pub  1024D/8AA362AFE97232CD 2003-12-30 markus reichelt <mr!mareichelt.de>
uid                            markus reichelt <markus.reichelt!gmx.net>
sub  1024g/6FBF8728 2003-12-30
 Fingerprint: 7442 FE49 B3A7 685D 2FD2  7BBB 8AA3 62AF E972 32CD    view stats

pub  1024D/A7DF587270D44C23  2004-05-14 Markus Reichelt <markus.reichelt!post.rwth-aachen.de> 
uid                          2010-08-31 Markus Reichelt <mr!mareichelt.com>
sub  2048g/A729BE86 2004-05-14
 Fingerprint: 6C98 4CF8 77C3 5CBD 3FC6  5E87 A7DF 5872 70D4 4C23    view stats

pub  1024D/E2011C279484197E  2008-01-14 Markus Reichelt <markus.reichelt!rwth-aachen.de> 
uid                          2010-08-31 Markus Reichelt <mr!mareichelt.com>
sub  4096g/3ADE8E56 2008-01-14
 Fingerprint: BC09 CFEF 13AE 6C53 C3C0  5CFC E201 1C27 9484 197E    view stats

pub  1024D/C2A3FEE4 2003-08-27 markus reichelt <ml!lists.notified.de>
pub  1024D/C2A3FEE4 2003-08-27 markus reichelt <ml!bitfalle.org>
pub  1024D/C2A3FEE4 2003-08-27 markus reichelt <ml!mareichelt.de>
sub  2048g/FA3025E2 2003-08-27
 Fingerprint: FFB8 E22F D2BC 0488 3D56  F672 2CCC 933B C2A3 FEE4

pub  1024D/B806322BCCEEF115 2007-08-04 markus reichelt (signing key for my custom slackware packages) <slackbuilds!mareichelt.de>
sub  4096g/4DB9DC00 2007-08-04
 Fingerprint: 39E8 D1EE A305 7D9D ADD4  F80B B806 322B CCEE F115

Please note: in this listing of key data "@" has been replaced by "!" - thank the spammers, the scum of the universe.

The keys can also be fetched from keyservers like sks.keyserver.penguin.de, hkp://subkeys.pgp.net, pool.sks-keyservers.net,or x-hkp://pgpkeys.pca.dfn.de.

• 0xEE8D363D16879738 - @mareichelt.com (new primary DSA2 key)
• 0x8aa362afe97232cd - @mareichelt.de, @gmx.net (primary key) deprecated
• 0xa7df587270d44c23 - @post.rwth-aachen.de (work) deprecated
• 0xe2011c279484197e - @rwth-aachen.de (new, work) deprecated

Transition to new primary key: Transition period has ended. Key ID EE8D363D16879738 is the main one now. All other previously listed keys will remain valid, though, even if UIDs and associated email addresses are no longer valid.

Please note that the following keys are listed for reference only:

• 0xc2a3fee4 - ml@ (mailinglists)
• 0xb806322bcceef115 - (my custom slackbuilds)

I only use the key with ID 0xc2a3fee4 for signing mails to mailinglists, and related encrypted mailings. Key ID 0xb806322bcceef115 is only used to sign my custom slackware packages, custom patches, and related encrypted mailings.

Please note that these keys are not to be signed, not to be uploaded to keyservers, and listed only for reference since they are my most widely-used keys you'll find signatures from on the net.

My signing policy might be replaced without further notice, though. In such a case this document will be linked in the new one.

This document is located at http://mareichelt.de/keys/gpg-key-signing-policy.php.

I participated at the following key signing parties:

• Key Signing Party Linux-Tage 2005 (Chemnitz)
• Key Signing Party Linuxtag 2006 (Wiesbaden)
• Key Signing Party Linuxtag 2008 (Berlin)
• Key Signing Party FOSDEM 2009 (Brussels)
• Key Signing Party Linux-Tage 2009 (Chemnitz)
• Key Signing Party Linuxtag 2009 (Berlin)
• Key Signing Party FrOSCon 2009 (Sankt Augustin)
• Key Signing Party FOSDEM 2010 (Brussels)
• Key Signing Party Linux-Tage 2010 (Chemnitz)
• Key Signing Party Linuxtag 2010 (Berlin)

As of June 2010, I'm also a CAcert Assurer. I can give you cacert-points if we meet in person. Send a mail to make an appointment, or check your area. And for your social networking expat foo have a look at Aachen Expat Meetup Group.

Validity

This policy supersedes my former one which was derived from the signing policy of Marcus Frings. It is in effect and binding for me from the date on which it has been updated. Major changes of procedure are explicitly mentioned.

Location

I live in the vicinity of Aachen (situated at the most western tip of Germany) and I am open to sign keys. The easiest way to verify identity and exchange signed keys would be to meet in Aachen. Occasionally I'm in Hamburg, Mönchengladbach, Düsseldorf, Köln, Berlin, and München. Meetings at computer related fairs are possible as well. I am also listed at biglumber.com, a site about key signing coordination.

Usually I keep track of upcoming events where it would be possible to meet in order to sign keys at http://mareichelt.de/keys/events.php.

Prerequisites for signing

The signee (the key owner who wishes to obtain a signature to his key from me, the signer) must make his public key available on a publicly accessible keyserver.

The signee must prove his identity to me by way of a valid identity card, a valid passport, or a valid driving licence, featuring a photographic picture of the signee. The signee's key must feature his real name, so a key/UID only containing a pseudonym will not be signed.

I will check both of these tokens for people I don't personally know. No exceptions.

The signee shall prepare a strip of paper with a printout of the output

gpg --fingerprint 0x1234567809abcdef

(or an equivalent command if the signee does not use GnuPG) where 0x1234567809abcdef is the key ID of the key to be signed.

A handwritten piece of paper featuring the fingerprint and all UIDs the signee wants me to sign will also be accepted.

I sign keys under the mutual agreement of cross-signing. Therefore it would be nice if you wouldn't forget to sign my keys too.

A signing request may be declined without giving reasons.

The act of signing

After having received sufficient proof of identity I will sign the signee's piece of paper myself to avoid fraud, and eventually sign the signee's key.

The signed keyblock will then be mailed to the signee, or uploaded to a keyserver if expressly wished.

Signing requests of transitions to new keys

I have received multiple requests via electronic messaging (email, jabber, ...) from people (whose keys I had already signed) to also sign their new keys.

In principle, I agree to the procedure when I am reasonably sure the request is not bogus/a scam, and the following conditions are met:

Any signing request of transition to a new key

• must at least be signed by the still valid original key (which I also signed),
• the new key must also be signed by the still valid original key (which I also signed),
• the owner of the new key must cross-sign my keys in return with the new key first,
• the new key will receive the same level of signature as the still valid original key (which I also signed).

However, such a signing request may be declined without giving reasons. If unsure, enquire first.

Levels of signatures

I use only two different levels of signatures, and here's why:

Level 3

A level of 3 is given to keys which successfully pass the following checks: I have met the signee in person, I have verified his identity card, passport, or driving licence, and his key's fingerprint. Photographic UIDs are also going to be signed with a level of 3.

Level 2

A Level of 2 is currently unused.

Level 1

A level of 1 is currently unused.

Level 0

A level of 0 is given to keys which participated at key signing parties.

Please note: I sign keys under the mutual agreement of cross-signing, as already stated. If I sign your keys and you eventually fail to sign mine I reserve the right to revoke any signatures in question.

Finding a path of trust

Enter your key ID for a simple text printout, courtesy of Henk P. Penning's keyfinder:

Enter your key ID for a graphical representation, courtesy of Jörgen Cederlöf's Wotsap:

Changelog

Version 1.3.5, 2010-08-31:

deleted unused UIDs, replaced with the sane mr!mareichelt.com UID

Version 1.3.4, 2010-06-15:

List of participated key signing parties updated, notice about being a CAcert Assurer added

Version 1.3.3, 2010-04-27:

ml UID added to key ID 0xEE8D363D16879738 listing

Version 1.3.2, 2010-03-14:

antaris-organics UID added to key ID 0xEE8D363D16879738 listing, notice of end of transition period added

Version 1.3.1, 2009-11-07:

fsfe UID added to key ID 0xEE8D363D16879738 listing

Version 1.3.0, 2009-07-02:

Key ID 0xEE8D363D16879738 listing, statement of transition to this key, trustpath forms added, and license changed to something sane.

Version 1.2.0, 2009-06-13:

Procedure about signing requests of transitions to new keys added, Act of signing procedure updated.

Version 1.1.1, 2008-05-30:

Note about revocation of signatures added, key ID 0xcceef115 listing added.

Version 1.1.0, 2006-07-09:

Minor Updates.

Version 1.0.0, 2006-05-30:

Initial Release.

License

Copyright (c) 2004 - 2010 markus reichelt.

Permission is granted to copy, distribute and/or modify this document under the terms of: (i) author is named (ii) page is linked. If in doubt, please contact me by sending an email in plain text only to the address listed below. Encrypted email is preferred.