-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PGP Keysigning Policy of Todd M. Zullinger $Date: 2006-12-06 14:37:29 -0500 (Wed, 06 Dec 2006) $ There are three important types of information that need to be verified in order for me to sign/certify a key: 1) The identity of the person asking me to certify their key. 2) The key's fingerprint, id, size, and type 3) The email address(es) associated with the key This process requires a physical meeting where I can verify some form of photo ID where the name on the id matches the name on the key and the photo matches the person that has asked me to sign/certify the key. If the ID is of questionable authenticity or I am unable to recognize it as valid I will not sign the key. The key information (fingerprint, id, size, and type) must match the information that is provided to me by the key owner. I will send a random challenge to each user id on the key. If the key has encryption capabilities, the challenge will be encrypted. I won't sign any of the user id's on the key until I receive a signed reply from each of the user id's. If there are user id's on the key that have no valid email address associated with them, I won't sign the key unless the key owner can provide a good reason why those user id's are on the key. I won't sign a user id without a valid email address -- except perhaps a photo user id. If the above criteria are met, I will issue a level 2 certification. For someone I have known personally for many years I will issue a level 3 certification. Please note that by signing/certifying a key I am merely stating that the above conditions have been met. It is a statement about the key's validity, not about trust in the key owner. If you have any questions about this policy or suggestions for how it could be improved, please email me. My address is on my key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQFDBAEBAgAtBQJFdxwyJhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90 bXouYXNjAAoJEEMlk4u+rwzjeWAH/2SZqGtE+s9VPP3mQeqDsivfTmL67Efbhw4q zp9eKF1/cJ1FdLrsMm21uxmulJnx5pwT5WaIIdr7ZaUBOwe+m4L+ywn25pbon/aS OU+pSDl2J0ol5uZTYp7PueojPRXFgw9wvWrf4TVhNnfzGNB/RfWH3AEX7U925bF9 snHqEblLnvNL0XXgL/f263Q5H7938S1hzgmJqwQ4eUUXZSMCflyN9Xfs1SWnT6Lc nEKv1lzo7YqiMwNYy25qmX9p/D3Tp+I8//O81LZIfaxr2dvE4Aa+8TZbg9dKY/6y N3XbptlcEDlr9cLM6jEpB1frBh+KOvvuDPeCtphI1pk/+0GBU6Y= =zF0j -----END PGP SIGNATURE-----