Key Signing Policy for Andrés J. Díaz
http://ajdiaz/gpg/policy.txt
Version: 2016-08-11



pub   rsa4096/0x5369AA4171B5139C 2016-02-13 [C] [expires: 2018-02-12]
      Key fingerprint = 90AD F27A 6AA5 5A78 9738  CDB1 5369 AA41 71B5 139C
      Keygrip = 1E5F5ABC6A38E52B48C89749A6D36AC5A58B92E9
uid                   [ultimate] Andres J. Diaz (Personal) <ajdiaz@ajdiaz.me>
sub   rsa4096/0x5CE181D35CEF8C82 2016-02-13 [S] [expires: 2021-08-23]
      Keygrip = BF3B86FF6301172ED3F162B4BC74ECC93745DA61
sub   rsa4096/0x6F443CF5C297F654 2016-02-13 [E] [expires: 2021-08-23]
      Keygrip = BBF8C5D70294E6C113D178280E30074D547068E7


This policy is used for signatures made by my GnuPG keys (which ids are
listed above), starting from 2016-02-11. (Some signatures before this date
were also made under the following conditions. No key was ever signed
without checking the identity of the person and the fingerprint.)

Before I sign a key, I

  - verify the identity of the person owning the to-be-signed key by
    looking at their identity card, equivalent official proof of identity
    or (in very few cases only) by knowing the person very good for a
    long time.
  - receive the key fingerprint from the key owner. This can be on a
    piece of paper or the fingerprint could get confirmed by the
    owner during a Key Signing Party or any other event.

A signature is always on an user id. By signing an user id, I confirmed
for myself,

  - that the person, who gave me the fingerprint of that key, had the
    claimed name - at the moment of identity check.

I do sign keys of persons from foreign countries as long as there is no
indication of fraud (detected by me).

Signatures by my GnuPG key(s) do not have any legal relevance.

Description of my use of trustlevels:

  sig3 - I have verified the identity and verified, that the e-mail address
         of the signed uid belongs/belonged to the person, who has/had
	       control over the key. This is done by a challenge-response system
	       or by sending the signed key to the corresponding user id
	       (both via encrypted mail).

  sig2 - I have verified the identity - but not the e-mail address (for
         example because the key does not support encryption to it).

  sig1 - unused at the moment.

Signatures made by caff might not have any special trustlevel.
(Trustlevel would be "sig3".)


CHANGELOG

2016-02-11  Create new policy and remove some prerequisites for signing, as
  also remove the location section, act of signing and sig0 level.
  Old policy: http://ajdiaz.me/gpg/policy.until_2016-02-11.txt

2016-08-11  Update expired date for subkeys. Old policy:
  http://ajdiaz.me/gpg/policy.until_2016-08-11.txt