This policy is available in both HTML and signed Markdown.
I, Dimitri Torterat (Diti), am willing to sign (= certify) the following categories of public keys:
I am the owner of the following public key:
pub 4096R/CD42FF00 2013-05-14 Key fingerprint = FD4F 1D56 6452 19A0 C6F6 F9AB 31A4 9121 CD42 FF00
I live in the Paris area. Always available for keysigning.
An OpenPGP certification is all about verifying that the person I met is also the owner of the key I am signing. I will thus refuse to sign your key if you don't provide some kind of identification.
Once I have verified your IRL identity, I will send a first batch of e-mails to you, with "default" levels (see next section).
On a secure Linux machine, I sign your key with GnuPG like so:
gpg --ask-cert-level \ --cert-policy-url http://diti.me/pgp/#policy \ --cert-notation CD42FF00@diti.me=http://diti.me/pgp/certs/%f.notes.asc \ --sign-key <ID>
ask-cert-level option allows me to tell the keyservers how carefully I have verified your IRL identity, and certified your OpenPGP identity.
I will most of the time sign with level 2.
My default signature level depends on the type of UID.
Full Name=> just a name, matches your French government-issued ID => level 3
Full Name=> just a name, matches a government-issued ID I can't fully validate => level 2
Full name (<birthdate>)=> just information available on your ID => level 3 or 2
Full Name (I love pizza)=> I cannot fully confirm this info => level 1
Full Name <firstname.lastname@example.org>=> should test e-mail validity => level 1 or 2
[jpeg image of size 1337]=> unless I can verify your photo live => level 1
To get a level 0 or a level 3 signature, please ask me.