-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

===========================================
Key‐Signing Policy for key 4ABE3E3EBBF40E58
===========================================

:Author: Simon Edward Ward
:Contact: simon bleah.co.uk
:Date: 2009-09-06
:Copyright: Copyright © 2009 Simon Edward Ward.
            Portions Copyright © 2009 Daniel Silverstone, Martin F. Krafft.

Preamble
========

This document defines the certification policy that applies to key
certification signatures made with the following key from 6th September
2009:

::

  pub   4096R/4ABE3E3EBBF40E58 2009-08-30 [expires: 2014-08-29]
        Key fingerprint = 639A B2BB E09D 771A 3D34 91B4 4ABE 3E3E BBF4 0E58

Certification Policy
====================

Level 0 (generic certification)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Certification level 0 (generic certification) will not be used for key
signatures made according to this policy.

Level 1 (persona certification)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Certification level 1 (persona certification) will not be used for key
signatures made according to this policy.

Level 2 (casual certification)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Key signatures made with certification level 2 (casual certification)
assert the following:

1. The signee and I met in person under reasonable circumstances.

2. The signee provided a copy of their key fingerprint, along with the
   user IDs to sign, and at the time of certification:

   a) I verified that the fingerprint on the signee’s key matched the
      copy given to me;
   b) each signed user ID matched the copy of the user ID given to me.

3. I have validated the signee’s identity through a legal identification
   document, and:

   a) the document featured a photograph representative of the signee;
   b) the format of the document was known to me at the time;
   c) the document showed no obvious signs of tampering.

4. Any of the following criteria are met:

   a) At least one form of identification is an internationally accepted
      identification document; or
   b) I have known the signee for a reasonable period of time.

5. The identity information on the identification document matched the
   user IDs signed. A photographic user ID need not be identical to the
   photograph featured on the identification document.

6. The signee showed control over the key by successfully decrypting a
   challenge, and responding to it with a signed message containing the
   correct challenge text intact.

For user IDs with email addresses or other communications addresses:

7. The signee was able to receive and respond to a challenge sent to the
   email or other communications address.

In the case of user IDs with comments that establish an affiliation, the
following is also certified:

8. I had no doubt at the time of certification that the signee was
   affiliated with the identified entity.

In the case of photographic user IDs, the following is also certified:

9. The photograph in the user ID was representative of the signee at the
   time of verification.

Level 3 (positive certification)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Key signatures made with certification level 3 (positive certification)
carry all the assertions of those made with certification level 2 with
the following modifications:

4. All of the following criteria are met:

   a) At least one form of identification is an internationally accepted
      identification document; and
   b) I have known the signee for a reasonable period of time; and
   c) there has been a non‐trivial amount of interaction between me and
      the signee during that period.

Validity of Certifications
~~~~~~~~~~~~~~~~~~~~~~~~~~

Certifications are only valid if they contain a policy URI to this
document, or another revision, which has been signed with my master
signing key or a sub‐key of that key.

Policy URIs have the format:

::

  http://bleah.co.uk/gpg/cert-policy/4ABE3E3EBBF40E58/[YYYYMMDD]?sha512sum=[SHA512SUM]

where [YYYYMMDD] is the date stamp, and [SHA512SUM] is the SHA-512
checksum of the whole document, including the in‐line signature.

Verification of the Policy Document
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are three steps to verifying the integrity and authenticity of the
policy document, given a URI of the form defined above (remember that
[YYYYMMDD] and [SHA512SUM] are templates):

1. Download the policy using the policy URI given in the certification:

   ::

     wget -O [YYYYMMDD] "http://bleah.co.uk/gpg/cert-policy/4ABE3E3EBBF40E58/[YYYYMMDD]?sha512sum=[SHA512SUM]"

2. Verify the SHA-512 checksum of the downloaded document against the one
   in the policy URI:

   ::

     echo '[SHA512SUM]  [YYYYMMDD]' | sha512sum -c

   This step verifies that the policy document has not changed since the
   time the signature was made, and thus that the policy described is the
   actual policy that was in place at the time of signing. Alternatives to
   ``sha512sum`` are ``openssl dgst -sha512`` and ``gpg --print-md SHA512``.

3. Verify the policy document with the OpenPGP signature:

   ::

     gpg --verify < [YYYYMMDD]

   This step verifies that the document itself is authentic and has been
   signed off by me.

If there are any doubts pertaining to the authenticity of the
certification, please do not hesitate to get in touch with me (contact
information in the header of this document).

Credits
~~~~~~~

Thanks to Daniel Silverstone for pointing me towards his policy, which
showed me the idea of using policy URIs including checksums, and for
further input on the use of certification levels. Although I changed the
style in which the policy was written, much of the content is taken from
his policy.

Revisions
~~~~~~~~~

A new revision of this policy document replaces all earlier versions, but
obviously does not affect previous certifications.
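The verification steps above, as an added shell example that is not part of the original policy: it splits the [YYYYMMDD] and [SHA512SUM] templates out of a policy URI, performs the step 2 checksum comparison against a local copy of the document, and hands step 3 to ``gpg --verify``. The function names are constructed for this example; the URI layout, parameter name and tools are those given in the policy.

```shell
#!/bin/sh
# Added example, not part of the policy: check a downloaded policy document
# against a URI of the form
#   http://bleah.co.uk/gpg/cert-policy/4ABE3E3EBBF40E58/[YYYYMMDD]?sha512sum=[SHA512SUM]
# Function names are constructed; host, path and parameter name come from the policy.

# Print the [YYYYMMDD] date stamp: the last path segment before the query string.
policy_uri_date() {
    path=${1%%\?*}
    printf '%s\n' "${path##*/}"
}

# Print the [SHA512SUM] from the sha512sum query parameter, lower-cased so it
# compares equal to tool output. Fails when the URI carries no such parameter.
policy_uri_sum() {
    case $1 in
        *\?*sha512sum=*) sum=${1#*sha512sum=}; sum=${sum%%&*} ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$sum" | tr 'A-F' 'a-f'
}

# SHA-512 of a file, via sha512sum or the openssl alternative named in the policy.
file_sha512() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha512 -r "$1" | cut -d' ' -f1
    fi
}

# Step 2: succeed only if the document hashes to the value carried in the URI;
# a mismatch means this is not the document in force when the certification was made.
verify_policy_checksum() {
    expected=$(policy_uri_sum "$1") || { echo "URI carries no sha512sum parameter" >&2; return 2; }
    actual=$(file_sha512 "$2")
    [ "$expected" = "$actual" ]
}

# Step 3: authenticity; needs the signer's public key in the local keyring.
verify_policy_signature() {
    gpg --verify < "$1"
}

# Usage: verify-policy.sh <policy-uri> <downloaded-file>
if [ $# -eq 2 ]; then
    verify_policy_checksum "$1" "$2" && echo "checksum matches URI" \
        && verify_policy_signature "$2"
fi
```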
The latest revision can always be obtained via
http://bleah.co.uk/gpg/cert-policy/4ABE3E3EBBF40E58/current/

Change log:

* 2009-09-06: Initial version.

Licence
~~~~~~~

You may use this document under the terms of the Artistic Licence 2.0.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

-----END PGP SIGNATURE-----