PGP Signature Policy
The OpenPGP standard
specifies four types of signatures on public keys, numbered from 0x10 to
0x13. These are listed in the
Signature Types section of the standard. (Different programs may
represent these levels differently: GnuPG displays nothing for 0x10 and
numbers 0x11 through 0x13 as 1 through 3.)
I have certain criteria for each level of certification I use on
public keys:
0x10
Uncategorized. This signature was made before GnuPG gained support
for specifying the level of certification. It is possible that I may
use this for a signature that I refuse to categorize, but that has not
yet happened.
0x11
Very casual certification. This signature was made on a key of
someone whom I do not know personally and have only verified their
identity via some third-party identification that I reasonably trust.
(So far, that has been limited to state-issued driver's licenses.) The
email address in the uid appears to go to the named keyholder.
0x12
Personal knowledge of the keyholder. This signature was made on a key
belonging to someone I have known personally for long enough that I'm
reasonably sure of their identity. The email address certainly goes to
the keyholder.
0x13
Extremely high trust in the keyholder's identity. I have not yet used
this level of certification on anyone else's keys. In order for me to
do so would require that I do extensive research on the person to verify
their identity. I do not anticipate ever doing this, so for the moment,
the only keys signed with this level of certification will be my
own.
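To check which certification level a signature on a key actually carries, GnuPG's machine-readable listing (`gpg --with-colons --list-sigs KEYID`) records the signature class in the eleventh field of each `sig` line as two hex digits followed by `x` (exportable) or `l` (local-only), for example `13x`. The Python script below is an added example and not part of this policy page: it parses a constructed sample of such output (the key IDs, dates and user IDs are made up), keeps only the certification types 0x10 through 0x13, and labels each with the level GnuPG prints (nothing, 1, 2 or 3) and the meaning assigned to it in the levels above.

```python
"""
Map OpenPGP certification-signature types (0x10..0x13) to the level GnuPG
displays and to the meaning given in the policy above.

The sample listing below is constructed to resemble the output of
`gpg --with-colons --list-sigs KEYID`; the key IDs, dates and user IDs are
made up. In that format, field 11 of a 'sig' record holds the signature
class as two hex digits followed by 'x' (exportable) or 'l' (local-only).
"""

# Signature type -> (what GnuPG shows in --list-sigs, meaning in this policy)
CERT_LEVELS = {
    0x10: ("", "Uncategorized"),
    0x11: ("1", "Very casual certification"),
    0x12: ("2", "Personal knowledge of the keyholder"),
    0x13: ("3", "Extremely high trust in the keyholder's identity"),
}

# Constructed sample; not real key material or real signatures.
SAMPLE_LISTING = """\
pub:u:4096:1:0123456789ABCDEF:1400000000:::u:::scESC::::::23::0:
uid:u::::1400000000::0000000000000000000000000000000000000000::Example Holder <holder@example.org>::::::::::0:
sig:::1:0123456789ABCDEF:1400000000::::Example Holder <holder@example.org>:13x::::::::::
sig:::1:1111222233334444:1400000100::::Casual Signer <casual@example.org>:11x::::::::::
sig:::1:5555666677778888:1400000200::::Old Signer <old@example.org>:10x::::::::::
sig:::1:9999AAAABBBBCCCC:1400000300::::Local Signer <local@example.org>:12l::::::::::
sig:::1:DDDDEEEEFFFF0000:1400000400::::Subkey Binder <bind@example.org>:18x::::::::::
"""


def parse_sig_class(field):
    """Split a class field such as '13x' into (type byte, exportable flag)."""
    if len(field) != 3 or field[2] not in "xl":
        raise ValueError("unexpected signature class field: %r" % field)
    return int(field[:2], 16), field[2] == "x"


def certification_levels(listing):
    """Return one dict per certification signature (types 0x10-0x13) found
    in a --with-colons listing; other signature classes are skipped."""
    results = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "sig":
            continue
        sig_type, exportable = parse_sig_class(fields[10])  # field 11
        if sig_type not in CERT_LEVELS:
            continue  # e.g. 0x18 subkey binding is not a certification
        shown, meaning = CERT_LEVELS[sig_type]
        results.append({
            "signer": fields[4],          # field 5: key ID of the signer
            "type": sig_type,
            "gnupg_display": shown,
            "meaning": meaning,
            "exportable": exportable,
        })
    return results


if __name__ == "__main__":
    for sig in certification_levels(SAMPLE_LISTING):
        print("sig %-1s 0x%02x by %s (%s)%s" % (
            sig["gnupg_display"], sig["type"], sig["signer"], sig["meaning"],
            "" if sig["exportable"] else " [local only]"))
```

Running the script prints one line per certification, leaving the 0x18 subkey-binding signature out; feeding it real output from `gpg --with-colons --list-sigs` works the same way, since only the `sig` records and their fifth and eleventh fields are read. To put a level on a signature you make yourself, GnuPG asks for one when `--ask-cert-level` is set (or uses `--default-cert-level`).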
You may also check this policy against its
detached signature.
Phil! Gold