-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Key Signing Policy for Sven Strickroth ====================================== Date: 2006-04-01 This policy is valid for all signatures made using the key: pub 1024D/F5A9D4C4 created: 2005-01-09 uid Sven Strickroth Key fingerprint = 70AA EA5A AE06 AB3A 05B6 418D 1646 67A4 F5A9 D4C4 Although this policy was formally written on 2006-04-01, it was followed from the creation of my key. I understand the need for a public web of trust and the risks involved in indiscriminately signing keys. I have therefore never signed a key without verifying the identity of the key's owner to my own satisfaction and without matching the key to the owner. The signee is the key owner that receives a signature to his or her key from me, the signer. I always verify the signee its key fingerprint with the signee personally. For example the signee verified its key fingerprint printed on a sheet of paper. Level 3 (sig3): I have met the signee personally, verified the identity, my means of an official document with photographic picture, and verified, that the e-mail address of the signed uid belongs to the person, who has control over the key. This is done by a challenge-response system or by sending the signed key to the corresponding user id (both via encrypted mail). Level 2 (sig2): I have met the signee personally, verified the identity, by means of an official document with photographic picture, but not the e-mail address (for example because the key does not support encryption to it). Level 1 (sig1): Unused, keys are never signed without appropriate verification. Level 0 (sig): A level 0 signature is given to keys of Certification Authorities and other organizations after fingerprint verification by providing the fingerprint in an official publication in printed form. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 iD8DBQFELtSbFkZnpPWp1MQRAs+qAKCWuNlVpEsh06MmlaFv2PwsKISWnACgtz8m SWJFkxpqGeY4/URxOWjIvXE= =gH1x -----END PGP SIGNATURE-----