Issued: July 28, 2008
This policy is valid from Aug 1, 2008 for all key certifications made by the following OpenPGP key:
pub 4096R/E90C6E2B 2008-07-19 Key fingerprint = 478F A2A0 1D61 3A7F 4835 AD6E 8FA2 40F6 E90C 6E2B uid Fabrizio Tarizzo <fabrizio(%)fabriziotarizzo.org> uid Fabrizio Tarizzo <fabrizio(%)linux.it> uid Fabrizio Tarizzo <fabrizio-ml(%)fabriziotarizzo.org>
This policy conforms to generally accepted principles and practices of the OpenPGP users community.
I live near Asti and I work in Torino (Italy). I am open to certify keys at any time. The easiest way for verifying keys would be to meet me here in Asti or Torino. Another opportunity to get in personal contact would be to address me at certain computer related events in Italy (my presence in these events is usually announced on my personal website). I am also listed at biglumber.com, a web site about key certification coordination.
The applicant (the key holder who wishes to obtain a key certification from me) must make his/her OpenPGP public key available on a publicly accessible keyserver. My default keyserver is keyserver.linux.it.
The applicant should have prepared a strip of paper with a printout of the output of
gpg --fingerprint KEY-ID
(or equivalent command if not using GnuPG), where KEY-ID is the key ID of the key that is to be certified. A hand-written sheet featuring all user ID’s the applicant wants me to certify and the fingerprint will also be accepted, if clearly readable.
By requesting the key certification, the applicant declares to know and approve this policy and generally accepted principles and practices of the OpenPGP users community and obliges himself/herself to take all reasonable precautions to prevent loss, disclosure or unauthorized use of his/her secret key(s) and to immediately revoke his/her public key in any case of loss or compromise of the secret key.
The entire process of identity verification and certificate issuing is run on a voluntary, free of charge and best effort basis. Although I take all reasonable measures in verifying the applicant's identity and preventing compromise or misuse of my secret certification keys, I cannot grant any legal warranty nor guarantees.
The OpenPGP Web of Trust follows he principle of reciprocity, so the applicant should be willing to cross-certify with me.
I never certify someone’s key without having met him or her in person.
The applicant must prove his/her identity to me by way of a national ID card, a driver's licence, a passport or a similar document. The document must feature a photographic picture of the applicant.
At home, I will:
caffcertifies each user ID separately and send the certificated key in an encrypted email to each of them. Certificates will not be sent to keyservers, it's an applicant responsibility to update his/her key on public keyservers.
I certify keys using these certification levels:
caffwas not possible. I reserve to use this certification level also when I'm not familiar with the kind of presented document (i.e. foreign driver's licences, exotic countries passports or documents with very old photo).
Content and structure of this document are strongly based on the OpenPGP Key Signing Policy of Marc Mutz and Jörgen Cederlöf.