Usage Policies for OpenPGP Keys v1.4

As keys collect signatures in the course of their lifetime I will only publish the fingerprints within this document as the keys and signatures should always be available on the public key servers.

My Old retired pre-policy key:

  pub 1024D/3DC9F946 1999-11-30 [revoked: 2006-04-04]
      Key fingerprint = 1319 D7E5 12DE 640C 1B14 39A9 21C2 5754 3DC9 F946
  uid Jeremy T. Bouse
  uid Jeremy T. Bouse (JB5713)

This policy document does not apply to this key as the use of this general purpose key has been retired in favor of the new keys below.

My Old retired primary keys:

  pub 1024D/6D2112AA 2002-04-11 [revoked: 2006-12-19]
      Key fingerprint = 2A06 920A 30F6 02EF AD1B 89B0 5499 EB87 6D21 12AA
  uid Jeremy T. Bouse (NTT Multimedia Communications Laboratories, Inc.)

  pub 1024D/E5F96419 2006-12-05 [revoked: 2008-07-07]
  uid Jeremy T. Bouse (Reflex Security, Inc.)

These retired keys should have properly authenticated revocation certificates submitted to the keyservers. If you have these keys in your keyring please refresh them.

My Debian primary key:

  pub 1024D/29AB4CDD 2002-03-27
      Key fingerprint = C745 FA35 27B4 32A6 91B3 3935 D573 D5B1 29AB 4CDD
  uid Jeremy T. Bouse (Debian Maintainer Key)

This key is used solely for works pertaining to the Debian GNU/Linux Project and my duties as a Debian Developer.

My Personal primary key:

  pub 1024D/62DBDF62 2002-03-27
      Key fingerprint = E636 AB22 DC87 CD52 A3A4 D809 544C 4868 62DB DF62
  uid Jeremy T. Bouse

This key is used for all personal work related to personal and personal consulting business through UnderGrid Network Services or other personal ventures.

My Work primary key:

  No current primary key in use.

Key storage policy:

Primary keys are stored offline on an encrypted removable storage media with multi-word pass phrases making use of mixed alphanumerics.
This removable media is stored in a fire safe along with a CD-ROM containing the revocation certificates for all keys and a hard copy print-out of each revocation certificate. This key is only removed from storage when needed to sign a key or to manage subkeys.

Subkeys for each of the primary keys are stored on an encrypted USB flash drive with multi-word pass phrases making use of mixed alphanumerics and kept on my person at all times. Subkeys shall have a lifetime of 24 to no more than 30 months, enforced via an expiration date, at which time a new subkey shall be generated using the primary key. In general new subkeys are issued every 24 months with 6 months overlap for subkey propagation through the keyserver network.

At no time are keys, primary or sub, moved off of the encrypted storage media. All access is done directly from the decrypted mount point connection.

Signature policy usage:

Signatures made by primary keys covered under this policy later than the published date of this document are only considered valid if they contain a policy URL of the form:

  http://undergrid.net/legal/gpg/policy//

   is the date the policy was issued
   is the md5sum hash of the policy document
   is the sha1sum hash of the policy document
   is the sha256sum hash of the policy document

A valid policy document will have clear-signed signature files by all current active primary keys covered by that policy at a URL of the form:

  http://undergrid.net/legal/gpg/signature//

   is the date the policy was issued
   is the Key ID of the primary key

Preferred keyserver & Public Key Association (PKA) usage:

All current keys will have a Preferred keyserver set. This denotes the public keyserver that I upload my key to, so it should be current. The preferred keyserver will also be a Synchronizing Key Server (SKS) and not the older OpenPGP Public Key Server (PKS), which has known problems with newer keys using subkeys.
If I have control over DNS for a domain I have a key for I will also publish DNS PKA records for valid email addresses to enable auto-retrieval of public keys.

Location of this document:

  http://undergrid.net/legal/gpg/policy/20091121

Version History:

  20091120 - General update and clarification
             Included option for SHA256 checksum
  20080707 - Revised URI location of policy
             Included option for SHA1 or MD5 checksum
  20080706 - Updated primary and retired keys
             Included PKA and Preferred Keyserver usage
  20061219 - Updated primary and retired keys
             Included primary usage of specific keys
             Revised URI location of policy
  20060403 - Revised URI location of policy
  20030811 - Initial publication of policy
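
Added example (not part of the original policy document or the author's own tooling): a Python check that the policy URL carried in a signature binds to a given copy of the policy document, as the signature policy section requires. It assumes the path after /legal/gpg/policy/ is a YYYYMMDD date followed by the hex checksum, because the placeholders are missing from the URL form above; check_policy_url and the sample document are hypothetical.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Prefix taken from the policy text. The "<date>/<checksum>" layout after it
# is an ASSUMPTION: the placeholders are missing from the page.
POLICY_PREFIX = "/legal/gpg/policy/"
# Hex digest length -> hashlib name, for the three checksums the policy allows.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}


def check_policy_url(url: str, document: bytes) -> str:
    """Return the digest algorithm name if the checksum in the policy URL
    matches the document bytes; raise ValueError on any mismatch."""
    parsed = urlparse(url)
    if parsed.hostname != "undergrid.net" or not parsed.path.startswith(POLICY_PREFIX):
        raise ValueError("not a policy URL for this policy")
    parts = parsed.path[len(POLICY_PREFIX):].strip("/").split("/")
    if len(parts) != 2:
        raise ValueError("expected a date and a checksum after the policy prefix")
    date, checksum = parts
    if not re.fullmatch(r"[0-9]{8}", date):
        raise ValueError("issue date is not in YYYYMMDD form")
    checksum = checksum.lower()
    algo = ALGO_BY_HEXLEN.get(len(checksum))
    if algo is None or not re.fullmatch(r"[0-9a-f]+", checksum):
        raise ValueError("checksum is not an MD5, SHA-1 or SHA-256 hex digest")
    actual = hashlib.new(algo, document).hexdigest()
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual, checksum):
        raise ValueError(f"{algo} digest of the document does not match the URL")
    return algo


# Constructed sample: a stand-in document, not the real policy text.
SAMPLE_DOC = b"Usage Policies for OpenPGP Keys (constructed sample)\n"
SAMPLE_URL = ("http://undergrid.net/legal/gpg/policy/20091121/"
              + hashlib.sha256(SAMPLE_DOC).hexdigest())

if __name__ == "__main__":
    print(check_policy_url(SAMPLE_URL, SAMPLE_DOC))
```

The returned algorithm name lets a caller decide whether to accept an MD5 or SHA-1 binding, both of which have known collision weaknesses, or to require SHA-256.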