Usage Policies for OpenPGP Keys						v1.4

	As keys collect signatures in the course of their lifetime I will 
only publish the fingerprints within this document as the keys and signatures
should always be available on the public key servers.

My Old retired pre-policy key:

pub   1024D/3DC9F946 1999-11-30 [revoked: 2006-04-04]
      Key fingerprint = 1319 D7E5 12DE 640C 1B14  39A9 21C2 5754 3DC9 F946
uid                  Jeremy T. Bouse <jbouse -at- debian.org>
uid                  Jeremy T. Bouse (JB5713) <undrgrid -at- undergrid.net>

	This policy document does not apply to this key as the use of this
general purpose key has been retired in favor of the new keys below.


My Old retired primary keys:

pub   1024D/6D2112AA 2002-04-11 [revoked: 2006-12-19]
      Key fingerprint = 2A06 920A 30F6 02EF AD1B  89B0 5499 EB87 6D21 12AA
uid                  Jeremy T. Bouse (NTT Multimedia Communications Laboratories, Inc.) <jeremy -at- nttmcl.com>

pub   1024D/E5F96419 2006-12-05 [revoked: 2008-07-07]
uid                  Jeremy T. Bouse (Reflex Security, Inc.) <jeremy.bouse -at- reflexsecurity.com>

	These retired keys should have properly authenticated revocation 
certificates submitted to the keyservers. If you have these keys in your 
keyring please refresh them.


My Debian primary key:

pub   1024D/29AB4CDD 2002-03-27
      Key fingerprint = C745 FA35 27B4 32A6 91B3  3935 D573 D5B1 29AB 4CDD
uid                  Jeremy T. Bouse (Debian Maintainer Key) <jbouse -at- debian.org>
     
	This key is used solely for works pertaining to the Debian GNU/Linux
Project and my duties as a Debian Developer.


My Personal primary key:

pub   1024D/62DBDF62 2002-03-27
      Key fingerprint = E636 AB22 DC87 CD52 A3A4  D809 544C 4868 62DB DF62
uid                  Jeremy T. Bouse <Jeremy.Bouse -at- UnderGrid.net>

	This key is used for all personal work related to personal and
personal consulting business through UnderGrid Network Services or other
personal ventures.


My Work primary key:

	No current primary key in use.


Key storage policy:

	Primary keys are stored offline on an encrypted removable storage
media with multi-word pass phrases making use of mixed alphanumerics. This
removable media is stored in a fire safe along with a CD-ROM containing the
revocation certificates for all keys and a hard copy print-out of each 
revocation certificate. This key is only removed from storage when needed
to sign a key or management of subkeys.

	Subkeys for each of the primary keys are stored on an encrypted USB
flash drive with multi-word pass phrases making use of mixed alphanumerics
and kept on my person at all times. Subkeys shall have a lifetime of 24 to 
no more than 30 months enforced via an expiration date at which time a new 
subkey shall be generated using the primary key. In general new subkeys are
issued every 24 months with 6 months overlap for subkey propagation through
the keyserver network.

	At no time are either keys, primary or sub, moved off of the encrypted
storage media. All access is done directly from the decrypted mount point
connection.

Signature policy usage:

	Signatures made by primary keys covered under this policy later than 
the published date of this document are only considered valid if they contain 
a policy URL of the form:

	http://undergrid.net/legal/gpg/policy/<date>/<md5|sha1|sha256>
		<date> is the date the policy was issued
		<md5> is the md5sum has of the policy document
		<sha1> is the sha1sum has of the policy document
		<sha256> is the sha256sum has of the policy document

	A valid policy document will have clear-signed signature files by
all current active primary keys covered by that policy at a URL of the form:

	http://undergrid.net/legal/gpg/signature/<date>/<key>
		<date> is the date the policy was issued
		<key> is the Key ID of the primary key


Preferred keyserver & Public Key Association (PKA) usage:

	All current keys will have a Preferred keyserver set. This will denote
the public keyserver that I upload my key to so should be current. The preferred
keyserver will also be a Synchronizing Key Server (SKS) and not the older OpenPGP 
Public Key Server (PKS) which have a known problems with newer keys using subkeys.

	If I have control over DNS for a domain I have a key for I will also publish 
DNS PKA records for valid email addresses to enable auto-retrieval of public keys.


Location of this document:
http://undergrid.net/legal/gpg/policy/20091121

Version History:
20091120 - General update and clarification
           Included option for SHA256 checksum
20080707 - Revised URI location of policy
	   Included option for SHA1 or MD5 checksum
20080706 - Updated primary and retired keys
           Included PKA and Preferred Keyserver usage
20061219 - Updated primary and retired keys
           Included primary usage of specific keys
           Revised URI location of policy
20060403 - Revised URI location of policy
20030811 - Initial publication of policy

Related links

GnuPG Key Policy Manager v0.9.0
Designed by Jeremy T. Bouse - Copyright © 2009- UnderGrid Network Services