Paul Jakma's PGP Signing Policy, v1.0 ------------------------------------- Level 1 / Low --------------- I have only circumstantial evidence to assert that the key belongs to UID concerned, eg through observation of correspondance from this UID over time. Alternatively, the UID concerned may be inherently hard to trust (eg role based UIDs). -- Level 2 / Medium ---------------- I have substantive evidence to assert that the key belongs to the UID concerned. Eg, I have interacted with the UID concerned over a significant period of time and have no reason to doubt the UID concerned is genuine. Further, I have exchanged encrypted email with this key with the UID concerned at least once and the key is also signed by other keys whom I have reasonable confidence in, or else I have exchanged encrypted email with the UID+key concerned several times over a significant period of time and I have verified the key fingerprint concerned via another, non-internet, channel (eg via telephone or in person). Note that there is no absolute trust, however an attacker would have had to have been quite determined, for they would have had to pose as the UID concerned on several occassions and would have had to do so to several other people (ie other signatories whom I have some degree of trust in) or else would have had to also compromise a second channel (eg the phone of the person concerned). -- Level 3 / High -------------- I have absolute confidence the key concerned belongs to the UID. Typically because the UID is one I have use of and control over. For a 3rd party UID, it would mean I know the party well, over an extensive period of time and have significant basis to trust their identity (either by means of documentation, or by indirect means) and that I have verified their key in person with them. -- Note that only signatures made as of 1-Jan-2005 conform to this policy. This version has been superceded by version 1.1: http://www.jakma.org/~paul/pgp_policy-1.1.txt Paul Jakma 2005-03-14 pub 1024D/64A2FF6A 1998-10-21 Paul Jakma Primary key fingerprint: 968B 5779 7DF0 1B5A 177E C415 D86B F794 64A2 FF6A ----------------------------------------------------------------------------- Signature of this document can be retrieved by appending .asc to the URL at which this document was found.