-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ## pgp policy =================================================================== OpenPGP key signing policy for Tomáš Pospíšek Fingerprint: 1482 937E ADEF FBB9 2326 9A8C EEBA 150C 2977 4B39 Policy URL: https://tpo.sourcepole.ch/EEBA150C29774B39.policy.txt Policy KEY: https://tpo.sourcepole.ch/EEBA150C29774B39.asc Created: 2018-11-28 Updated: 2018-11-30 =================================================================== This document explains my personal policy when signing PGP keys. KEY INFORMATION sec# rsa4096/0xEEBA150C29774B39 2014-11-12 [SC] Key fingerprint = 1482 937E ADEF FBB9 2326 9A8C EEBA 150C 2977 4B39 uid [ultimate] Tomas Pospisek uid [ultimate] Tomas Pospisek ssb> rsa4096/0x035E6ED3DF5BF61C 2014-11-12 [E] ssb> rsa4096/0x261F139080E51458 2014-11-12 [E] POLICY +------+---------------------------------------------------------+ | TYPE | SIGNATURE TYPE AND WHAT IT MEANS | +------+---------------------------------------------------------+ | sig0 | UNDEFINED Signature type | | | My older signatures did not have any level. Please | | | contact me if you want to have your key resigned with | | | some signature level. | +------+---------------------------------------------------------+ | sig1 | WEAK Signature type | | | I have signed this key without meeting the person face | | | to face, but have determined that they are almost | | | certainly the owner of this key. This signature type | | | is rarely used, but might indicate that I have verified | | | the key is owned by a particular project maintainer and | | | that key was used to sign a unique email to me and | | | to decrypt a message from me correctly. | +------+---------------------------------------------------------+ | sig2 | MEDIUM Signature type | | | I have met this person (or verified in some unambiguous | | | way for a group key or pseudonym). I may or may not | | | have checked their government ID. I have checked the | | | PGP fingerprint. I have also confirmed that they can | | | decrypt messages sent to the email address listed and | | | sign messages using this key. | +------+---------------------------------------------------------+ | sig3 | STRONG Signature type | | | I have met this person face-to-face and carefully | | | checked their PGP fingerprint and that the name on this | | | key ID matches the name on their government ID. I have | | | also confirmed that they can decrypt messages sent to | | | the email address listed and sign messages using | | | this key. | | | Note that my ability to dependably verify governement | | | IDs, in particular foreign ones is quite close to zero. | | | So the value of me verifying an ID is of doubtful | | | value. | +------+---------------------------------------------------------+ PROCEDURE Key fingerprint and UID is checked according to the policy above. SECURITY I try to keep my computing environment clean and up to date. ACKNOWLEDGMENTS This policy is based on the one by Jonathan Cross (https://jonathancross.com/C0C076132FFA7695.policy.txt). Thanks a lot Jonathan for your nice template! -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEFIKTfq3v+7kjJpqM7roVDCl3SzkFAlwBDH8ACgkQ7roVDCl3 SznTfA//VO+sdKhhgQFQ8s42rNyFJHkHLDQUJFchv6oH55ybHM7sT0o1br4sBtDh GDF2RMdOgTRkNW33JY5gOIq6AV4yf0LKjIeAI1JO5OxXJJUCT7hQDSyw3x4Da6bh 9BrzVhw2jV3qcnklwldaR/RtsdzIsTdeCrBfxRSLaLknJpbsheAJFKsFUinLJmRq s7WyUTNHde7KTBTzgcIg8ZgyuM1vz0O3x9Z3ytWoUz7DkrsVYLpF1rBZndC/nAkz 2snWXW6x0SyowI/UBH79PRC2UuhuwoJAeWkiqduVyUDBai52AQC8MrtwUHffqY3u FfbD1gGFiPSTxz6Zlpnn95XjxWONEvr9KIjk2NwGLucSMJY0hVAUYUVNYbKUXHX+ 6TbUn30Sz/CJJ7tS9i7vTtqA3rQonjp1ydzEU0RGr9TUHbjvXq6AiRKt/Z8p6daF 7qQtW2d3MRVXOp2IXE5UZnmeH1AhzIABk+2OQipdL60tVJW5Tjxbd6Bg/o9l15pk rYjdHPGqo/F8VIZUVL9HqJ4HLLQQAPrwd0hUXZDlUNuGJG2bLTCUSRKMtogj5WaZ /rARPBv8a1WhR9wYulPN2RLDvxsgQoi2BQw/ZPJIEWEg4y/PlC3D3c6fW8kRksE4 xn8P0HGPTspKXWiLOvN3r1tPeQuxantpEw+iwAj4wjMnCFjox9w= =KCQw -----END PGP SIGNATURE-----