“A nearly impenetrable thicket of geekitude…”

New Key Signing Policy

Posted on July 5, 2021 at 16:23

A few months into the current unpleasantness, it became pretty apparent that I wasn’t going to be doing much travelling any time soon. This made my PGP/GPG Key Signing Policy 2013-11-07 (which requires in-person meetings) almost entirely unusable for new signatures.

I still have a need to cross-sign keys with colleagues, however, so I have put together a revised PGP/GPG Key Signing Policy 2021-02-25.

The new policy takes advantage of PGP’s ability to specify different signature certification levels depending on the strength of proofing performed (or on other factors; the specification is not precise with respect to the meaning of each level).

A level 3 certification (the only one I have used prior to writing the new policy) is still defined to require an in-person physical meeting. I have, however, added the possibility of using the lower level 2 certification in the case of people who are already known to me but whom, for one reason or another, I can only meet on-line. The details are in the policy.