OpenPGP keysigning policy

This policy is available in both HTML and signed Markdown.

I, Dimitri Torterat (Diti), am willing to sign (= certify) the following categories of public keys:

I am the owner of the following public key:

pub   4096R/CD42FF00 2013-05-14
  Key fingerprint = FD4F 1D56 6452 19A0 C6F6  F9AB 31A4 9121 CD42 FF00

I live in the Paris area. Always available for keysigning.

IRL identity check

An OpenPGP certification is a statement that the person I met in person is also the owner of the key I am signing. I will therefore refuse to sign your key if you do not provide some kind of identification.

OpenPGP identity check

Once I have verified your IRL identity, I send a first batch of e-mails to the addresses in your UIDs, certified at my "default" levels (see next section).

On a secure Linux machine, I sign your key with GnuPG like so (`%g` expands to the fingerprint of the key being signed, so each signee gets their own notes file; `%f` would expand to the fingerprint of my own signing key instead):

gpg --ask-cert-level \
    --cert-policy-url http://diti.me/pgp/#policy \
    --cert-notation CD42FF00@diti.me=http://diti.me/pgp/certs/%g.notes.asc \
    --sign-key <ID>

Signature levels

The `--ask-cert-level` option lets me record in the certification itself how carefully I have verified your IRL identity and certified your OpenPGP identity; anyone who later fetches your key (from a keyserver or otherwise) can read that level from the signature.

Most of the time I sign with level 2.

Level 0 (private)
The weakest in my web of trust; the certification does not state how carefully I checked identities. Only for signees who _explicitly ask for it._
Level 1 (incomplete)
For UIDs I have _checked, but not fully validated._
Level 2 (standard)
The default level I sign keys with. For UIDs I have _casually checked._
Level 3 (extended)
The strongest in my web of trust. For UIDs I have _**very carefully** checked._

In RFC 4880 terms these are the certification types 0x10 to 0x13 (generic, persona, casual and positive).

My default signature level depends on the type of UID.
Example cases:

To get a level 0 or a level 3 signature, please ask me.

Changelog