PGP Signature Policy
The OpenPGP standard specifies four types of signatures on public keys, numbered from 0x10 to 0x13. These are listed in the Signature Types section of the standard. (Different programs may represent these levels differently: GnuPG displays nothing for 0x10 and numbers 0x11 through 0x13 as 1 through 3.)
I apply the following criteria for each level of certification I use on public keys:
0x10
Uncategorized. This signature was made before GnuPG gained support for specifying the level of certification. It is possible that I may use this for a signature that I refuse to categorize, but that has not yet happened.
0x11
Very casual certification. This signature was made on a key of someone I do not know personally and whose identity I have verified only via some third-party identification that I reasonably trust, such as that of the PGP Global Directory and CAcert.org. The email address in the uid appears to go to the named keyholder.
0x12
Personal knowledge of the keyholder. This signature was made on a key belonging to someone I have known personally for long enough that I’m reasonably sure of their identity. The email address certainly goes to the keyholder.
0x13
Extremely high trust in the keyholder’s identity, through a personal meeting with a fingerprint and ID check, as at a Debian-style key signing party.
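To see which of these levels a given certification carries, the signature class can be read from GnuPG's machine-readable listing. The following is an added example, not part of the original policy: it assumes the output of `gpg --list-sigs --with-colons`, where field 11 of a `sig` record holds the two-digit hex class followed by `x` (exportable) or `l` (local-only), and the sample listing is constructed.

```python
# Added example: report the certification class of each signature on a key's
# user IDs, from `gpg --list-sigs --with-colons` output.

# OpenPGP certification class -> level number GnuPG shows (None = not shown)
CERT_CLASSES = {0x10: None, 0x11: 1, 0x12: 2, 0x13: 3}

def parse_certifications(colon_output):
    """Return one dict per user ID certification (classes 0x10-0x13)."""
    results = []
    current_uid = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        record = fields[0]
        if record in ("pub", "sub"):
            current_uid = None            # sigs here do not certify a uid
        elif record == "uid" and len(fields) > 9:
            current_uid = fields[9]       # field 10: user ID string
        elif record == "sig" and len(fields) > 10 and current_uid:
            raw = fields[10]              # field 11, e.g. "13x"
            try:
                sig_class = int(raw[:2], 16)
            except ValueError:
                continue                  # empty or malformed class field
            if sig_class not in CERT_CLASSES:
                continue                  # e.g. 0x18 subkey binding
            results.append({
                "uid": current_uid,
                "signer": fields[4],      # field 5: signer's key ID
                "class": sig_class,
                "gnupg_level": CERT_CLASSES[sig_class],
                "local_only": raw.endswith("l"),
            })
    return results

# Constructed sample listing (key IDs, names and dates are made up).
SAMPLE = """\
pub:u:4096:1:1111111111111111:1200000000:::u:::scESC:
uid:u::::1200000000::0000000000000000000000000000000000000000::Key Holder <holder@example.org>:
sig:::1:1111111111111111:1200000000::::Key Holder <holder@example.org>:13x:
sig:::1:2222222222222222:1100000000::::Old Signer <old@example.org>:10x:
sig:::1:3333333333333333:1300000000::::Casual Signer <casual@example.org>:11l:
sub:u:4096:1:4444444444444444:1200000000::::::e:
sig:::1:1111111111111111:1200000000::::Key Holder <holder@example.org>:18x:
"""

if __name__ == "__main__":
    for cert in parse_certifications(SAMPLE):
        print(f"{cert['signer']} -> 0x{cert['class']:02x} "
              f"(GnuPG level {cert['gnupg_level']}, local={cert['local_only']})")
```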